SANS - Lessons Learned

Assists in post-processing an incident and facilitates the lessons learned stage, as presented by SANS Institute ‘Incident Handler’s Handbook’ by Patrick Kral.

Disclaimer: This playbook does not ensure compliance with SANS regulations.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


| Name | Description | Required |
| --- | --- | --- |
| DataCollection | Uses a data collection task to answer lessons learned questions based on SANS. Specify "True" to automatically send the communication task, and "False" to prevent it. | Optional |
| Email | The email address to which to send the questions. | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| SANS - Lessons Learned.Answers.0 | The time the problem was first detected and by whom. | longText |
| SANS - Lessons Learned.Answers.1 | The scope of the incident. | longText |
| SANS - Lessons Learned.Answers.2 | The way the incident was contained and eradicated. | longText |
| SANS - Lessons Learned.Answers.3 | The work performed during recovery. | longText |
| SANS - Lessons Learned.Answers.4 | The areas where the CIRT teams were effective. | longText |
| SANS - Lessons Learned.Answers.5 | The areas that need improvement. | longText |
| SANS - Lessons Learned.Answers.6 | Share ideas and information in order to improve team effectiveness in future incidents. | longText |
| SANS - Lessons Learned.Answers.name | The username or email address of the person who answered. | unknown |
