Incident Response

See also Playbooks


A framework of IR actions to take, built in a similar style to MITRE ATT&CK. Very useful.

https://atc-project.github.io/atc-react/

https://atc-project.github.io/react-navigator/


A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.

https://github.com/meirwah/awesome-incident-response


The Incident Response Hierarchy of Needs. Very good although lacking copious quantities of black coffee and fast food.

https://github.com/swannman/ircapabilities


PagerDuty open-sourced their IR documentation

https://www.pagerduty.com/blog/incident-response-documentation/


Build your own IR plan

https://cydea.tools/ir-plan/


ENISA's Good Practice Guide (GPG) for Incident Management

https://www.enisa.europa.eu/publications/good-practice-guide-for-incident-management


NIST's guide (SP 800-61 Rev. 2, Computer Security Incident Handling Guide)

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf


Awesome DFIR's resources are useful

https://awesomedfir.com/


The common DFIR frameworks from Josh Lemon

https://github.com/joshlemon/DFIR-Reference-Frameworks

Severity

Assessing and categorising incident severity is useful for prioritising resources. The table below is helpful: