# CCDC Incident Report Template

## Incident Information

| Field | Value |
|-------|-------|
| **Incident ID** | IR-[YYYY]-[###] |
| **Date/Time Detected** | |
| **Date/Time Reported** | |
| **Reported By** | |
| **Severity** | [ ] Critical  [ ] High  [ ] Medium  [ ] Low |
| **Status** | [ ] Open  [ ] Investigating  [ ] Contained  [ ] Resolved |

---

## Executive Summary
_One-paragraph description of the incident for White Team/Management_




---

## Affected Systems

| Hostname | IP Address | Role | Impact |
|----------|------------|------|--------|
| | | | |
| | | | |
| | | | |

---

## Timeline of Events

| Time | Event | Source | Action Taken |
|------|-------|--------|--------------|
| | Initial detection | | |
| | | | |
| | | | |
| | Incident contained | | |
| | Incident resolved | | |

---

## Technical Details

### Attack Vector
_How did the attacker gain access?_


### Indicators of Compromise (IOCs)

**IP Addresses:**
-

**File Hashes:**
-

**File Paths:**
-

**Registry Keys (Windows):**
-

**User Accounts:**
-

### Commands/Tools Used by Attacker
```
# Paste relevant log entries or commands here
```

---

## Containment Actions

- [ ] Isolated affected system(s) from network
- [ ] Disabled compromised account(s)
- [ ] Blocked malicious IP(s) at firewall
- [ ] Killed malicious process(es)
- [ ] Removed persistence mechanism(s)
- [ ] Changed affected credentials

**Detailed Actions:**
1.
2.
3.

---

## Recovery Actions

- [ ] Restored system from known-good backup
- [ ] Reinstalled affected service(s)
- [ ] Verified service functionality
- [ ] Re-enabled network connectivity
- [ ] Confirmed scoring engine checks passing

**Detailed Actions:**
1.
2.
3.

---

## Root Cause Analysis

_What vulnerability or misconfiguration allowed this incident?_


---

## Lessons Learned

_What will we do differently to prevent this in the future?_


---

## Evidence Preservation

| Evidence Type | Location | Hash (SHA256) | Collected By |
|--------------|----------|---------------|--------------|
| Log file | | | |
| Memory dump | | | |
| Screenshot | | | |

---

## Sign-Off

| Role | Name | Signature | Date/Time |
|------|------|-----------|-----------|
| Incident Handler | | | |
| Team Captain | | | |

---

_Template by CCDC.x1000.ai - Elite Blue Team Training Platform_
