Brangus ITBrangus IT
Sample Report

Incident Response Report

Sample post-incident report documenting timeline, root cause, and remediation from a contained security incident.

CONFIDENTIAL — SAMPLE DATA

Incident Response Report

Prepared for: Sample Client Environment

Illustrative data for demonstration purposes only

Scope

  • Incident classification: Ransomware (contained, no encryption completed)
  • Affected systems: 3 file servers, 1 domain controller
  • Response window: detection to full recovery

Executive Summary

A ransomware precursor was detected and contained before encryption began, following lateral movement from a single phished workstation. Total time from detection to containment was 4 hours 12 minutes. No data exfiltration was confirmed. Root cause was traced to a phishing email that bypassed email filtering due to a missing DMARC enforcement policy.

22 min

Time to Detection

4h 12m

Time to Containment

4

Systems Affected

None Confirmed

Data Exfiltrated

Incident Timeline

  • 14:02 — Phishing email delivered, malicious macro executed on workstation
  • 14:35 — Lateral movement detected to file server via SMB
  • 14:41 — SOC alert triggered on anomalous authentication pattern
  • 15:03 — Affected systems isolated from network
  • 18:53 — Full containment confirmed, forensic imaging began

Root Cause

  • Phishing email spoofed a trusted vendor domain lacking DMARC enforcement
  • Workstation lacked application allow-listing to block macro execution
  • Flat internal network allowed rapid lateral movement to file servers

Recommendations

  • Enforce DMARC (p=reject) for all vendor domains after coordinating with affected partners.
  • Deploy application allow-listing on all endpoints to block unauthorized macro/script execution.
  • Accelerate the planned network segmentation project given the lateral movement speed observed.

Want the full report for your environment?

This page shows illustrative sample data. Request a scoped engagement and we'll deliver the real thing for your organization.

Request This Report