Security Incident Intake
- Capture timeline start and detection source.
- Preserve logs and access snapshots before remediating.
- Isolate affected credentials and rotate secrets.
- Notify required stakeholders and legal contacts.
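
Added example, not part of the original field manual: a minimal intake record that captures the detection source and a UTC timeline start, builds a SHA-256 manifest of preserved artifacts, and refuses to log a credential rotation until at least one artifact is preserved. The class, field names, sample log line and credential id are hypothetical and constructed for illustration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

class IntakeRecord:
    """Intake record that blocks remediation until evidence is preserved."""
    def __init__(self, detection_source, timeline_start):
        if timeline_start.tzinfo is None:
            raise ValueError("timeline_start must be timezone-aware (use UTC)")
        self.detection_source = detection_source
        self.timeline_start = timeline_start.astimezone(timezone.utc)
        self.evidence = []   # manifest of preserved artifacts
        self.rotated = []    # credentials isolated and rotated, in order

    def preserve(self, path):
        # Hash the artifact in chunks so large logs are not loaded into memory.
        p = Path(path)
        digest = hashlib.sha256()
        with p.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
        entry = {"path": str(p), "size": p.stat().st_size,
                 "sha256": digest.hexdigest(),
                 "collected_at": datetime.now(timezone.utc).isoformat()}
        self.evidence.append(entry)
        return entry

    def mark_rotated(self, credential_id):
        # Ordering gate: no remediation while the evidence manifest is empty.
        if not self.evidence:
            raise RuntimeError("preserve logs and access snapshots before remediating")
        self.rotated.append(credential_id)

    def to_json(self):
        return json.dumps({"detection_source": self.detection_source,
                           "timeline_start": self.timeline_start.isoformat(),
                           "evidence": self.evidence, "rotated": self.rotated}, indent=2)

def demo():
    # Constructed sample input: a fake auth log written to a temp directory.
    with tempfile.TemporaryDirectory() as d:
        log = Path(d) / "auth.log"
        log.write_bytes(b"2024-01-01T00:00:00Z login user=svc-example result=ok\n")
        rec = IntakeRecord("SIEM alert", datetime(2024, 1, 1, tzinfo=timezone.utc))
        rec.preserve(log)
        rec.mark_rotated("svc-example-api-key")
        return rec.to_json()
```

The manifest hashes let later reviewers confirm that the preserved copies were not altered during or after remediation.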
Operator field manual: playbooks, runbooks, checklists, and postmortems.