
security-operations-ransomware-playbook-builder
Build structured, tool-agnostic ransomware incident response playbooks tailored to your SOC and organizational context.
- Generate vendor-agnostic IR playbooks from existing internal notes.
- Create a severity-based escalation matrix for executive stakeholders.
- Define technical triage steps based on specific SIEM and EDR evidence.
Included in download
- Generate vendor-agnostic IR playbooks from existing internal notes.
- Create a severity-based escalation matrix for executive stakeholders.
- Terminal automation included
- Ready for use with Claude Code
See it in action
A real example of what this skill takes in and produces.
Sample input
Build a ransomware incident response playbook for our security operations team covering Tier 1 and Tier 2 analysts, the incident response team, and executive stakeholders. Our SIEM is generic for now and our EDR is to be confirmed. Include escalation matrix, evidence preservation, recovery validation, and a test prompt set.
Sample output
The skill produces a structured playbook with overview, scope, roles and responsibilities, tooling placeholders, detection and triage workflow, containment workflow, eradication and forensic support steps, recovery and restoration validation, communications and approval gates, evidence preservation requirements, business continuity considerations, decision gates, an after-action improvement tracker, and a set of test prompts covering clear trigger, ambiguous trigger, missing input, and negative trigger scenarios. All tooling references are marked as placeholders until the user supplies confirmed product names.
About This Skill
Professional Ransomware Incident Response Design
In the high-stakes environment of a ransomware attack, ambiguity is the enemy. Manual prompting often results in generic advice that ignores your specific tech stack, escalation hierarchies, and regulatory obligations. This skill transforms your high-level requirements into a production-ready, structured defensive playbook.
What it does
This skill acts as a Security Operations Architect, guiding you through the creation, review, or conversion of ransomware response procedures. It covers the entire lifecycle: Preparation, Detection, Triage, Containment, Eradication, Recovery, and After-Action Review. It ensures that every step is actionable, every role is defined, and every decision gate is clear.
Framework and Tool Agnostic
Unlike basic prompts that guess your environment, this skill is designed to ingest your specific context. It works across any SIEM, EDR, NDR, or SOAR platform by asking for your available evidence sources and tooling before generating workflows. This ensures the output integrates directly into your existing SOC operations.
Why use this skill?
- Audit-Ready Documentation: Produces structured playbooks aligned with cyber governance and assurance standards.
- Context-Aware Workflows: Tailors response steps to your organizational roles, communication triggers, and recovery validation points.
- Operational Safety: Built-in quality gates prevent the inclusion of offensive material and ensure legal/insurance matters are properly escalated.
- Validation Ready: Automatically generates test prompts and tabletop scenarios to exercise your new playbook.
Use Cases
- Generate vendor-agnostic IR playbooks from existing internal notes.
- Create a severity-based escalation matrix for executive stakeholders.
- Define technical triage steps based on specific SIEM and EDR evidence.
- Develop recovery validation checklists to ensure clean returns-to-service.
- Produce tabletop exercise prompts to test incident response readiness.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/security-operations-ransomware-playbook-builder | tar xz -C ~/.claude/skills
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Early access skill
Security Scanned
Passed automated security review
Permissions
File Scopes
Works with any agent that supports the Universal SKILL.md standard, including Claude Code, Codex CLI, Cursor, VS Code Copilot, and Gemini CLI. Requires user-supplied organisational context and tooling confirmation.