What tools does the Security Incident Responder use?

The skill utilizes specialized Bash commands for log analysis, network tracing, and forensics, alongside standard file manipulation tools to document the incident.

How does this skill help during a ransomware attack?

It provides a structured workflow for containing the attack, identifying the entry point, and coordinating recovery while ensuring all forensic evidence is preserved.

Can this skill generate official documentation?

Yes, it automatically creates a standardized incident response playbook in Markdown format, including triage details, containment steps, and recovery plans.

Do I need specific permissions to use this skill?

Yes, you need read access to system/application logs and write permissions for the directory where incident documentation is stored for the skill to function correctly.

Security Incident Responder

Name: Security Incident Responder
Author: jeremylongshore

byjeremylongshore

•

983

•

Security & Testing

Analyzes and orchestrates security incident response, forensic investigations, and remediation workflows within Claude Code.

This skill empowers Claude to act as a digital forensics and incident response (DFIR) assistant by guiding users through the critical stages of an incident lifecycle. It facilitates rapid triage, evidence preservation, and root cause analysis by leveraging specialized tools for log analysis, network tracing, and system forensics. Whether handling ransomware, data breaches, or unauthorized access, this skill helps contain threats and automatically generates standardized incident playbooks and after-action reports to ensure compliance and recovery.

Key Features

01Automated incident triage and impact scoping

02Integration with specialized Bash tools for deep system forensics

03Automated generation of standardized incident response playbooks

04Step-by-step guidance for threat containment and eradication

05983 GitHub stars

06Forensic evidence preservation using log analysis and network captures

Use Cases

01Developing and documenting post-incident After-Action Reports (AAR)

02Responding to active ransomware attacks or malware infections

03Investigating unauthorized data access or potential data breaches

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills responding-to-security-incidents

For use in Claude.ai and ChatGPT

Download Skill

Key Features

01Automated incident triage and impact scoping

02Integration with specialized Bash tools for deep system forensics

03Automated generation of standardized incident response playbooks

04Step-by-step guidance for threat containment and eradication

05983 GitHub stars

06Forensic evidence preservation using log analysis and network captures

Use Cases

01Developing and documenting post-incident After-Action Reports (AAR)

02Responding to active ransomware attacks or malware infections

03Investigating unauthorized data access or potential data breaches

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills responding-to-security-incidents

For use in Claude.ai and ChatGPT

Download Skill