# Event report

<!-- ASSURED documentation: the nine-section event report
     (https://assured-methodology.vercel.app/docs/documentation/standards#format).
     This is the closure-time record, written for the future reader. It is a
     different artifact from the escalation handoff packet; when a packet
     exists, map it in per the crosswalk on the Standards page. -->

## 1. Event overview

<!-- Who, what, when, where, how, at a glance. -->

- Alert identifier:
- Detection date/time (UTC):
- Affected system or environment:
- Plain-language description of observed behavior:
- Current status: resolved / ongoing / escalated

## 2. Timeline of events

<!-- Chronological breakdown: initial alert, investigative actions with UTC
     timestamps, response measures, phase transitions, delays or decision
     points, final resolution. -->

| Timestamp (UTC) | Actor | Action taken | Rationale | Outcome / result |
| --- | --- | --- | --- | --- |
|  |  |  |  |  |

## 3. Origin and scope

<!-- How the event originated and its impact radius, as established at
     triage: initial access vector as observed, adversary TTPs, affected
     systems / identities, lateral movement, privilege escalation, data
     exposure, evidence references. For escalated cases, link IR's
     root-cause analysis; do not restate it. -->

## 4. Actions taken

<!-- Investigative procedures, containment measures, remediation tasks:
     tools or methods used, responsible individual or team, outcome of each
     action. -->

-

## 5. Business impact

<!-- Technical detail translated into organizational consequence:
     operational disruption, financial impact, regulatory implications,
     reputational effects, SLA violations, external communications. -->

## 6. Indicators of compromise

<!-- Network indicators (IPs, domains, URLs), host-based indicators (files,
     registry keys), email indicators, each with confidence levels and
     recommended detection logic. List the MITRE ATT&CK technique chain here
     too, labeled as behavior (TTPs), not as indicators. -->

-

## 7. Lessons learned

<!-- Detection gaps, process inefficiencies, response challenges,
     communication breakdowns, successful tactics, technology limitations. -->

-

## 8. Post-incident recommendations

<!-- Specific, actionable improvements with ownership and timelines. Carry
     forward any open questions from the handoff packet that were not
     resolved by close. -->

-

## 9. Appendices and evidence

<!-- Log excerpts (sanitized as needed), snapshots, tool outputs, the
     communication record preserved verbatim, related case references,
     external intelligence reports, chain-of-custody documentation. -->

-
