DFIR Playbook Library
Last updated: May 2026
24 pre-built incident response playbooks, ready to deploy or customise in NOVE's SOAR engine.
Automated host isolation, IOC enrichment, C2 blocking, and stakeholder notification across all affected systems.
Avg. execution: 23 min / 9 automated steps
Header analysis, URL detonation, credential harvest detection, and affected user enumeration with automated triage.
Avg. execution: 12 min / 7 automated steps
Behavioural anomaly triage, data exfiltration analysis, access log review, and case escalation workflows.
Avg. execution: 8 min / 6 automated steps
YARA memory scan, C2 beacon analysis, lateral movement mapping, and forensic evidence preservation with chain of custody.
Avg. execution: 45 min / 11 automated steps
Evidence collection, regulatory timeline calculation, notification draft generation, and audit export for GDPR/HIPAA compliance.
Avg. execution: 2 hrs / 8 automated steps
Mailbox forensics, wire transfer trace, identity correlation, and account remediation across Microsoft 365 and Google Workspace.
Avg. execution: 18 min / 7 automated steps
IAM audit, permission enumeration, anomalous API call triage, and credential revocation across AWS, Azure, and GCP.
Avg. execution: 14 min / 6 automated steps
Volatility process tree analysis, SSDT hook detection, hidden module scan, and YARA cross-validation for kernel-level threats.
Avg. execution: 6 min / 5 automated steps
All playbooks are available inside NOVE after login. Enterprise customers receive custom playbook development tailored to their environment and compliance requirements.