// tool reference · Incident & Response
AI Incident Response Free + Pro
A calm, tailored "I've been hacked, what now?" plan.
What it does
Describe an incident and get a structured response plan: containment, evidence preservation order, eradication, recovery, and a notification checklist that includes Japan's APPI alongside GDPR.
When to use it
- An incident is live and you need an ordered plan; tabletop preparation.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| description | textarea | required | What happened, what you observed, what is affected. |
| scenario | select | optional | Incident class. |
| audience | select | optional | Who the output is for — responder or executive. |
What you get back
A phased plan with an evidence-preservation order and notification obligations.
Worked example
Input
Ransomware note on a file server. SMB shares encrypted. Backups may be affected.
Output (abridged)
CONTAIN (now)
1. Isolate at the SWITCH, not by shutdown — RAM holds keys and
evidence. Pull the network, leave it powered.
2. Disable the file server's AD account to stop lateral spread.
3. Verify backup isolation BEFORE touching backups. If the backup
server shares a domain, assume it is compromised.
PRESERVE (order matters — most volatile first)
RAM → network state → disk image → logs
NOTIFY
· Japan APPI: report to the PPC without delay where rights/interests
are at risk; notify affected individuals.
· GDPR (if EU subjects): 72h to the supervisory authority.
· Preserve evidence before wiping — insurers and police will ask.
DO NOT pay before legal counsel. DO NOT wipe before imaging.
How it works
Deterministic playbook selection, AI-tailored to your description.
Limits
Read live from the platform configuration.
| Free | — plan |
| Pro | — plans |
Privacy
Your description is sent to the AI provider. Redact names and customer identifiers.
Standards
NIST SP 800-61Japan APPIGDPR Art. 33/34
Related tools
AI Incident Report Writer
Turn incident facts and findings into a structured report — summary, timeline, impact, MITRE mapping, remediation.
Log Analyzer
Paste logs to detect brute-force, privilege escalation and malware indicators with MITRE mapping.
Ransomware Readiness
Self-assess your resilience to a ransomware attack.