Shift Handover Template
CONFIDENTIAL Do not share this protocol with other people. Content might include sensitive information.
CAUTION Don’t click any of the listed links in this protocol, except the ones explicitly marked as safe.
📅 Administrative
- Who was working and who is next?
- What does the schedule look like for the next couple of weeks?
🛡️ Detection
- What detections have been written/updated/refactored?
- What False Positive Allowlisting has been done?
🐱💻 Automation
- What automation has been built/updated/refactored? Any Cortex Responders or Analysers?
📡 Notable events, results from daily checks, new vulnerabilities, patches, exploits, attacks…
| Day | Description |
|---|
| Friday | For each case: title, reference and a short summary |
| Weekend | |
| Monday | |
| Tuesday | |
| Wednesday | |
| Thursday | |
| Friday | |
🛠️ Maintenance and the like that may affect us / our systems
- Any maintenance announcements for the system we rely on?
🧪 Pentest Announcements
| Indicator(s) | Timeframe(s) | Targets(s) | Environment(s) | Contact(s) |
|---|
| | | | |
📚 Recommended Readings (Links in this section are safe to click)
| Title | Description | Recommended by | Link |
|---|
| | | |
📈 Metrics
- Number of cases in the past 8 days
- Cases in from previous shifts, but still open
- Average case handling time per severity level (Low, Medium, High, Critical)
- Number of cases which are a true positive with impact
- Overview of the most frequent detections
Relevant Note(s): Incident Response