Skip to content

Playbooks

The contents of this library are provided for informational purposes only. It represents the current product offerings and practices from Amazon Web Services (AWS) as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

What this Repository Is

This collections of files is provided as an example framework for customers to create, develop, and integrate security playbooks in preparation for potential attack scenarios when using AWS services.

These playbooks contains translations performed using machine translation with AWS Translate. These playbooks have not been reviewed by a human translator and may contain contextual or grammatical errors. Please ensure you review the documents before using to ensure correct context and language for your individual use case. If you would like to contribute to correcting errors and reviewing the errors, we welcome that assistance.

Contributing to the Incident Response Playbooks

Impostor Syndrome Disclaimer

Before we get into the details: We want your help. No, really.

There may be a little voice inside your head that is telling you that you're not ready to contribute to playbooks; that your skills aren't nearly good enough to contribute. What could you possibly offer a project like this one? We assure you -- the little voice in your head is wrong. If you can write code at all or have experience with incident response, then we need your contributions! Writing perfect playbooks isn't the measure of a good responder (that would disqualify all of us!); it's trying to create something, making mistakes, and learning from those cmistakes. That's how we all improve.

We've provided a clear playbook creation guide. This outlines the process that you'll need to follow to get a playbook developed and approved for use with Ziplines. By making expectations and process explicit, we hope it will make it easier for you to contribute. And you don't just have to write code. You can help out by writing documentation, tests, or even by giving feedback about this work. (And yes, that includes giving feedback about everything in this README)

Playbook Index

Preparation

Administrative

Communications

Response Scenarios

100-200 Level Scenarios

300-400 Level Scenarios

AWS Analysis Tools

References