II. Workflow overview
Reference · liveworkflow:security-incident-response
Security Incident Response overview
Structured response to security incidents — detection confirmation, severity classification, containment actions, evidence preservation, eradication, recovery, and post-incident review. Follows NIST incident response framework with defined communication protocols.
Attributes
displayName: Security Incident Response
workflowKind: operational
triggerType: event-driven
typicalCadence: on-demand
complexity: cross-team
description: Structured response to security incidents — detection confirmation, severity classification, containment actions, evidence preservation, eradication, recovery, and post-incident review. Follows NIST incident response framework with defined communication protocols.
Outgoing edges
applies_to_domain (2)
- domain:cybersecurity · Domain: Cybersecurity
- domain:security · Domain: Security
involves_role (3)
- role:soc-analyst · Role: SOC Analyst
- role:blue-team-lead · Role: Blue Team Lead
- role:incident-commander · Role: Incident Commander
requires_skill_area (3)
- skill-area:incident-response · Skill Area: Incident Response
- skill-area:incident-response-forensics · Skill Area: Incident Response and Forensics
- skill-area:security-monitoring-siem · Skill Area: Security Monitoring and SIEM
triggers_responsibility (2)
- responsibility:security-incident-triage · Responsibility: Security incident triage
- responsibility:incident-response · Responsibility
Incoming edges
None.