- Clone the NIMS Template into your Notion Workspace
- This may take a few minutes
- Create an Incident on the main page
- Also see: Incidents
- Populate the “Incident Timeline” with activities observed throughout the investigation.
- Also see: Timelines
- Create and assign tasks related to the incident.
- Also see: Tasks
graph TD
Incident <--> |References| C[Timeline Entry]
Incident <--> |References| Task
Alert <--> |References| Incident
subgraph Alert Database
direction BT
Alert
end
subgraph Task Database
direction BT
Task
end
subgraph Incident Database
direction BT
Incident
end
subgraph Timeline Database
direction BT
C
end
subgraph IOC Database
direction BT
IOC
end
subgraph Asset Database
direction BT
Asset
end
subgraph Account Database
direction BT
Account
end
subgraph Tactics Database
direction BT
Tactic
end
subgraph Techniques Database
direction BT
Technique
end
C <--> |References| IOC
C <--> |References| Asset
C <--> |References| Account
C --> |References| Tactic
C --> |References| Technique