
security-operations-ransomware-playbook-builder
by LocoLoboZ
Build structured, tool-agnostic ransomware incident response playbooks tailored to your SOC and organizational context.
- Generate vendor-agnostic IR playbooks from existing internal notes.
- Create a severity-based escalation matrix for executive stakeholders.
- Define technical triage steps based on specific SIEM and EDR evidence.
$15 or 75 credits
Included in download
- Generate vendor-agnostic IR playbooks from existing internal notes.
- Create a severity-based escalation matrix for executive stakeholders.
- Terminal automation included
- Ready for use with Claude Code
Sample input
Build a ransomware incident response playbook for our security operations team covering Tier 1 and Tier 2 analysts, the incident response team, and executive stakeholders. Our SIEM is generic for now and our EDR is to be confirmed. Include escalation matrix, evidence preservation, recovery validation, and a test prompt set.
Sample output
The skill produces a structured playbook with overview, scope, roles and responsibilities, tooling placeholders, detection and triage workflow, containment workflow, eradication and forensic support steps, recovery and restoration validation, communications and approval gates, evidence preservation requirements, business continuity considerations, decision gates, an after-action improvement tracker, and a set of test prompts covering clear trigger, ambiguous trigger, missing input, and negative trigger scenarios. All tooling references are marked as placeholders until the user supplies confirmed product names.
About This Skill
Professional Ransomware Incident Response Design
In the high-stakes environment of a ransomware attack, ambiguity is the enemy. Manual prompting often results in generic advice that ignores your specific tech stack, escalation hierarchies, and regulatory obligations. This skill transforms your high-level requirements into a production-ready, structured defensive playbook.
What it does
This skill acts as a Security Operations Architect, guiding you through the creation, review, or conversion of ransomware response procedures. It covers the entire lifecycle: Preparation, Detection, Triage, Containment, Eradication, Recovery, and After-Action Review. It ensures that every step is actionable, every role is defined, and every decision gate is clear.
Framework and Tool Agnostic
Unlike basic prompts that guess your environment, this skill is designed to ingest your specific context. It works across any SIEM, EDR, NDR, or SOAR platform by asking for your available evidence sources and tooling before generating workflows. This ensures the output integrates directly into your existing SOC operations.
Why use this skill?
- Audit-Ready Documentation: Produces structured playbooks aligned with cyber governance and assurance standards.
- Context-Aware Workflows: Tailors response steps to your organizational roles, communication triggers, and recovery validation points.
- Operational Safety: Built-in quality gates prevent the inclusion of offensive material and ensure legal/insurance matters are properly escalated.
- Validation Ready: Automatically generates test prompts and tabletop scenarios to exercise your new playbook.
Use Cases
- Generate vendor-agnostic IR playbooks from existing internal notes.
- Create a severity-based escalation matrix for executive stakeholders.
- Define technical triage steps based on specific SIEM and EDR evidence.
- Develop recovery validation checklists to ensure a clean return to service.
- Produce tabletop exercise prompts to test incident response readiness.
Known Limitations
- Requires user-provided tool context for platform-specific commands.
- Does not provide legal or ransom negotiation advice.
- Strategic guidance only: not for real-time live incident automation.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/security-operations-ransomware-playbook-builder -o /tmp/security-operations-ransomware-playbook-builder.zip && unzip -o /tmp/security-operations-ransomware-playbook-builder.zip -d ~/.claude/skills && rm /tmp/security-operations-ransomware-playbook-builder.zip
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet.
Security Scanned
Passed automated security review
Permissions
File Scopes
Works with any agent that supports the Universal SKILL.md standard, including Claude Code, Codex CLI, Cursor, VS Code Copilot, and Gemini CLI. Requires user-supplied organisational context and tooling confirmation.
Creator
I design and publish skills built from real professional practice across three areas: cyber security consulting, business operations, and AI workflow engineering. My cyber security skills draw on active advisory work spanning governance, risk, compliance, assurance, and executive reporting. They are built for practitioners who need structured, defensible outputs - not generic templates. My business operations skills cover the day-to-day work of running a consulting practice: bookkeeping, financial tracking, expense reconciliation, and marketing content - designed to reduce repetitive overhead and keep outputs consistent. My AI platform and workflow skills are built for people who want to get more out of Claude and similar platforms - covering prompt engineering, skill architecture, automation pipelines, and agent enhancement. Every skill I publish has been tested in production use before it reaches the marketplace. If it is here, it works.