# Security Runbook > Use this template to security procedures for [threat] detection and response. ## Template Metadata | Field | Details | |-------|---------| | Category | Process | | Owner | [Team or owner] | | Version | [Version number] | | Effective Date | [Date] | | Review Cycle | [Monthly / Quarterly / Annual / Event-based] | | Status | [Draft / In Review / Approved] | ## Threat Overview Description of the threat type and potential impact. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Detection Indicators IOCs, alerts, and log patterns that indicate this threat. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Containment Immediate steps to limit the threat's impact. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Eradication Steps to remove the threat from the environment. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Recovery Steps to restore normal operations. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Evidence Collection What to preserve for forensic analysis. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Reporting Who to notify and required compliance reports. Use Markdown with code blocks. Write for urgency. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Review and Signoff Document review conclusions, approvals, unresolved items, and next review date. | Role | Name | Date | Notes | |------|------|------|-------| | Preparer | [Name] | [Date] | [Notes] | | Reviewer | [Name] | [Date] | [Notes] | | Approver | [Name] | [Date] | [Notes] |