building-incident-response-dashboard


Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership with situational awareness during active incidents, tracking affected systems, containment status, IOC spread, and response timeline. Use when IR teams need unified visibility during incident coordination and post-incident reporting.

Category: AI & Automation | 15,448 stars | 1,852 forks | Updated 1 week ago | License: Apache-2.0

Quality Score: 97/100

Component (weight): score
- Stars (20%): 100
- Recency (20%): 90
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Building Incident Response Dashboard

## When to Use

Use this skill when:

- IR teams need real-time dashboards during active incidents for coordination and tracking
- SOC leadership requires operational dashboards showing incident status and analyst workload
- Post-incident reviews need visual timelines and impact assessments
- Executive briefings require high-level incident metrics and trend analysis

**Do not use** for day-to-day SOC monitoring dashboards (use Incident Review instead) — IR dashboards are designed for active incident coordination and management reporting.

## Prerequisites

- SIEM platform (Splunk with Dashboard Studio, Elastic Kibana, or Grafana)
- Notable event and incident data in SIEM (Splunk ES incident_review index)
- Ticketing system integration (ServiceNow, Jira) for remediation tracking
- Asset and identity lookup tables for context enrichment
- Dashboard publishing access for SOC team and management distribution

## Workflow

### Step 1: Design Active Incident Dashboard Layout

Build a Splunk Dashboard Studio dashboard for active incident tracking:

```xml
<dashboard version="2" theme="dark">
  <label>Active Incident Response Dashboard</label>
  <description>Real-time tracking for IR-2024-0450</description>
  <row>
    <panel>
      <title>Incident Summary</title>
      <single>
        <search>
          <query>
            | makeresults
            | eval incident_id="IR-2024-0450", status="CONTAINMENT", severity="Critical", affected_hosts=7, ...
```

(The skill content excerpt is truncated at this point on the listing page.)

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
1 week ago
Language
Python
License
Apache-2.0
