Agent skill
incident-response-playbook-templates
Incident response playbook templates for Kubernetes. Detection, containment, remediation, and post-incident procedures with decision trees and validation steps.
Install this agent skill to your Project
npx add-skill https://github.com/adaptive-enforcement-lab/claude-skills/tree/main/plugins/enforce/skills/incident-response-playbook-templates
SKILL.md
Incident Response Playbook Templates
When to Use This Skill
Operational runbooks for Kubernetes security incidents. Each playbook combines decision trees, step-by-step procedures, and validation criteria to enable rapid, confident response to common incident patterns.
This library is designed for teams operating Kubernetes infrastructure at scale, where incident response speed and consistency directly impact security posture and business continuity.
Implementation
Before an Incident
- Review each playbook relevant to your environment and threat model
- Customize commands and thresholds for your cluster configuration
- Test playbook steps in non-production environments
- Train on-call engineers on decision trees and escalation paths
- Integrate with monitoring and alerting systems
During an Incident
- Identify which playbook applies using decision trees
- Follow procedures in sequence without skipping steps
- Document actions and timestamps as you proceed
- Validate success criteria before moving to next phase
- Escalate if playbook doesn't resolve issue or if conditions change
After an Incident
- Collect evidence using post-incident procedures
- Complete RCA templates to identify root causes
- Track improvements in incident tracking system
- Update playbooks based on lessons learned
References
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
github-token-permissions-overview
Understanding GITHUB_TOKEN scope, default permissions, and implementing least-privilege principle for GitHub Actions workflows.
secure
Find and fix security issues before they become incidents. Vulnerability scanning, SBOM generation, supply chain security, and secure authentication workflows.
complete-workflow-examples
Copy-paste hardened CI/CD workflows with SHA-pinned actions, minimal GITHUB_TOKEN permissions, OIDC authentication, and comprehensive security scanning for GitHub Actions.
ephemeral-runner-patterns
Disposable runner patterns for GitHub Actions. Container-based, VM-based, and ARC deployment strategies with complete state isolation between jobs.
action-pinning-overview
Why pinning GitHub Actions to SHA-256 commits matters for supply chain security. Attack vectors from unpinned actions and comparison of tag vs SHA pinning.
github-actions-security-patterns-hub
Complete security patterns for GitHub Actions covering action pinning, GITHUB_TOKEN permissions, third-party action risks, secret management, and runner security.
Didn't find tool you were looking for?