NeoShield Security logo NeoShield Security Quantum X

// tool reference · Incident & Response

AI Incident Response Free + Pro

A calm, tailored "I've been hacked, what now?" plan.

Open AI Incident Response →


What it does

Describe an incident and get a structured response plan: containment, evidence preservation order, eradication, recovery, and a notification checklist that includes Japan's APPI alongside GDPR.

When to use it

Inputs

Field names are the actual form parameters, verified against source.

FieldTypeRequiredNotes
description textarea required What happened, what you observed, what is affected.
scenario select optional Incident class.
audience select optional Who the output is for — responder or executive.

What you get back

A phased plan with an evidence-preservation order and notification obligations.

Worked example

Input

Ransomware note on a file server. SMB shares encrypted. Backups may be affected.

Output (abridged)

CONTAIN (now)
  1. Isolate at the SWITCH, not by shutdown — RAM holds keys and
     evidence. Pull the network, leave it powered.
  2. Disable the file server's AD account to stop lateral spread.
  3. Verify backup isolation BEFORE touching backups. If the backup
     server shares a domain, assume it is compromised.

PRESERVE (order matters — most volatile first)
  RAM → network state → disk image → logs

NOTIFY
  · Japan APPI: report to the PPC without delay where rights/interests
    are at risk; notify affected individuals.
  · GDPR (if EU subjects): 72h to the supervisory authority.
  · Preserve evidence before wiping — insurers and police will ask.

DO NOT pay before legal counsel. DO NOT wipe before imaging.

How it works

Deterministic playbook selection, AI-tailored to your description.

Limits

Read live from the platform configuration.

Free— plan
Pro— plans

Privacy

Your description is sent to the AI provider. Redact names and customer identifiers.

Standards

NIST SP 800-61Japan APPIGDPR Art. 33/34

Related tools

← All tools Manual home