In the high-stakes environment of a ransomware attack, ambiguity is the enemy. Manual prompting often results in generic advice that ignores your specific tech stack, escalation hierarchies, and regulatory obligations. This skill transforms your high-level requirements into a production-ready, structured defensive playbook.
This skill acts as a Security Operations Architect, guiding you through the creation, review, or conversion of ransomware response procedures. It covers the entire lifecycle: Preparation, Detection, Triage, Containment, Eradication, Recovery, and After-Action Review. It ensures that every step is actionable, every role is defined, and every decision gate is clear.
Unlike basic prompts that guess your environment, this skill is designed to ingest your specific context. It works across any SIEM, EDR, NDR, or SOAR platform by asking for your available evidence sources and tooling before generating workflows. This ensures the output integrates directly into your existing SOC operations.
Audit-Ready Documentation: Produces structured playbooks aligned with cyber governance and assurance standards.
Context-Aware Workflows: Tailors response steps to your organizational roles, communication triggers, and recovery validation points.
Operational Safety: Built-in quality gates prevent the inclusion of offensive material and ensure legal/insurance matters are properly escalated.
Validation Ready: Automatically generates test prompts and tabletop scenarios to exercise your new playbook.