Arctic Wolf Unified Portal

Incident Response (IR) Runbooks are divided into different phases. Each phase highlights the response teams that should be involved, the actions that you and the IR team should take, and communication strategies.

Incident Response Runbook phases

Runbooks contain these phases:

Education, Preparation, and Prevention — Information about the cyberattack and the actions you should take to prepare for a cyberattack.
Detection & Identification — Indicators that a cyberattack occurred.
Containment & Initial Investigation — Actions to safely contain the cyberattack.
Eradication & Remediation — Actions to remove the threats from your network and remediate any underlying issues.
Recovery & Restoration — Actions to recover lost data and restore systems to normal.
Forensic Investigation — An overview of the investigation that the IR team performs.
Reporting & Lessons Learned — An overview of the final analysis of the incident.

Portals Cyber JumpStart Portal Arctic Wolf Unified Portal Incident Readiness and Response User Guide Public

Dernière mise à jour : March 30, 2026