Glama

AIM-Guard-MCP

incident-response.md•2.49 kB
# Security Incident Response Procedure

## Incident Severity Levels

### 🟢 LOW (P4)
- **Definition**: Minimal business impact, no data compromise
- **Response Time**: 24 hours
- **Examples**: Failed login attempts, minor policy violations
- **Notification**: IT security team

### 🟡 MEDIUM (P3)
- **Definition**: Limited data exposure, contained impact
- **Response Time**: 4 hours
- **Examples**: Malware detection, unauthorized access attempt (blocked)
- **Notification**: Security manager, affected department

### 🟠 HIGH (P2)
- **Definition**: Significant data exposure or system compromise
- **Response Time**: 1 hour
- **Examples**: Successful unauthorized access, data exfiltration attempt
- **Notification**: CISO, department heads, legal

### 🔴 CRITICAL (P1)
- **Definition**: Major breach, widespread impact, regulatory implications
- **Response Time**: Immediate (15 minutes)
- **Examples**: Mass data breach, ransomware, system-wide compromise
- **Notification**: C-suite, board, legal, PR, regulators

## Response Phases

### 1. DETECTION & IDENTIFICATION
- Monitor security alerts and anomalies
- Validate that the alert is a genuine incident and not a false positive
- Determine severity level using the table above
- Document initial findings (time of detection, affected assets, observed indicators)

### 2. CONTAINMENT

**Short-term Containment**
- Isolate affected systems (prefer network isolation over powering off, so volatile evidence is not lost)
- Block malicious IPs/domains
- Disable compromised accounts and revoke their active sessions, tokens and API keys
- Preserve evidence (memory captures, disk images, logs) before any cleanup or rebuild

**Long-term Containment**
- Apply security patches
- Rebuild compromised systems from known-good images
- Implement additional controls
- Maintain business operations

### 3. ERADICATION
- Remove malware/threats, including any persistence mechanisms found
- Close security gaps
- Patch vulnerabilities
- Validate system integrity

### 4. RECOVERY
- Restore systems from backups taken before the compromise and verified clean
- Verify system functionality
- Monitor for re-infection
- Gradual return to normal operations

### 5. POST-INCIDENT
- Conduct lessons learned session
- Update security controls
- Improve detection capabilities
- Document incident fully
- Update response procedures

## Contact Information
- **Security Operations Center (SOC)**: [24/7 hotline]
- **CISO Office**: [Email/Phone]
- **Legal Department**: [Email/Phone]
- **PR/Communications**: [Email/Phone]

## Do's and Don'ts

### DO
✅ Report incidents immediately
✅ Preserve evidence
✅ Document everything
✅ Follow established procedures
✅ Communicate clearly

### DON'T
🚫 Panic or make hasty decisions
🚫 Delete or modify evidence
🚫 Attempt to handle alone
🚫 Communicate publicly without approval
🚫 Resume operations without validation
