
NIST


This Content Pack helps you follow the phases in handling an incident according to the NIST computer security incident handling guidelines.

"Computer Security Incident Handling Guide" by NIST outlines the recommendations for handling a cyber security incident. The NIST Incident Response process contains four steps:

  • Preparation.
  • Detection and Analysis.
  • Containment, Eradication, and Recovery.
  • Post-Incident Activity.

This NIST content pack contains several playbooks to help streamline your incident response according to NIST guidelines.
What does this pack do?

The playbooks included in this pack help you follow the phases in handling an incident as described in the 'Handling an Incident' section of NIST - Computer Security Incident Handling Guide.
Handling an incident - Computer Security Incident Handling Guide
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
The "NIST - Handling an Incident Template" playbook helps analysts follow the stages in handling an incident according to NIST guidelines. The "NIST - Lessons Learned" playbook helps SOC teams process an incident after it occurs and facilitates the lessons learned, organized by NIST stages.
The "Access Investigation - Generic - NIST" playbook handles an access incident based on the stages described in the "Computer Security Incident Handling Guide".
The playbook included in this pack helps you save time and automate repetitive tasks associated with Access incidents:

  • Handle the incident based on the stages in "Handling an incident - Computer Security Incident Handling Guide" by NIST.
  • Set the "NIST Stage" field to the different stages most relevant to the ongoing investigation.
  • Gather and enrich user and IP information.
  • Generate an investigation summary report.
  • Notify the relevant parties on the incident.
  • Interact with the suspected user about the activity.
  • Remediate the incident by blocking malicious indicators and disabling the account.
  • Run the "NIST - Lessons learned" sub-playbook to process the incident after the investigation and remediation is over.

As part of this pack, you will also get out-of-the-box "NIST" incident type views, with incident fields and a full layout. All of these are easily customizable to suit the needs of your organization.

For more information, visit our Cortex XSOAR Developer Docs

[Image: NIST - Handling an Incident Template playbook]

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Cortex
Created: November 9, 2020
Last Release: June 25, 2024
Compliance

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher's own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as "Palo Alto Networks-certified" or otherwise. For more information, see the Marketplace documentation.