Recipe

Incident Response

Step-by-step playbook for triaging, containing, and recovering from security incidents detected by Meridian.

Phase 1 — Triage

  1. Acknowledge the alert in the Meridian dashboard within 5 minutes.
  2. Record severity, affected host, and process tree snapshot.
  3. Classify: false positive, low, medium, high, critical.

Phase 2 — Containment

  1. Isolate the host via Meridian one-click quarantine.
  2. Capture a memory dump and disk artifacts before reboot.
  3. Block associated IOCs across the fleet.

Phase 3 — Recovery

  1. Reimage affected systems from a known-good baseline.
  2. Rotate credentials exposed during the incident window.
  3. Document the timeline and submit a post-mortem within 24 hours.

Need help during an active incident? Contact emergency support — available 24/7 for enterprise customers.