Phishing Response Playbook: A Blue Team Guide

A practical guide to handling phishing incidents.

Phase 1: Initial Triage

First steps when a phishing report comes in.

Phase 2: Investigation

How to analyze the email and check for compromise.

Phase 3: Containment

Steps to contain the threat.

Phase 4: Eradication

Removing the threat from the environment.

Phase 5: Recovery

Getting back to normal operations.

Phase 6: Lessons Learned

Improving for next time.