ID,Title,Type,Severity,Affected Assets,Reported By,Reported At,Detected By,Detection Method,Response Team,Containment At,Resolved At,MTTR (h),Data Breach,Authority Notification,Root Cause,Corrective Action,Status
INC-2026-001,Phishing email with credential link,Phishing,Medium,User account k.mueller@nwl,IT Helpdesk,2026-01-22 09:14,SOC,SIEM alert,SecOps,2026-01-22 09:45,2026-01-22 14:00,4.8,No,No,Bypassed filter (newly registered domain),Enable NRD rule + CAPA-2026-003,Closed
INC-2026-002,EDR alert on developer laptop (Cobalt Strike beacon),Malware,High,AST-006 (1 laptop),EDR,2026-02-03 23:41,EDR,Behavioural detection,SecOps,2026-02-03 23:55,2026-02-05 12:00,37.0,No,No,False positive - red team exercise not coordinated,Update exclusion + coordinate exercises,Closed
INC-2026-003,Lost company laptop,Lost device,Medium,AST-006 (1 laptop),Employee,2026-02-15 08:30,User report,Self-report,IT Operations,2026-02-15 08:45,2026-02-15 10:00,1.5,No,No,Left in taxi,Remote wipe triggered + replacement issued,Closed
INC-2026-004,Targeted phishing against finance (BEC attempt),Phishing,High,Finance team,Finance Lead,2026-02-22 11:20,User report,Recipient,SecOps,2026-02-22 11:25,2026-02-22 16:00,4.6,No,No,Attempt blocked by awareness - no clicks,Targeted finance training,Closed
INC-2026-005,Unauthorised access attempts to VPN,Brute force,Low,AST-011,SOC,2026-03-01 02:14,SIEM alert,Log correlation,SecOps,2026-03-01 02:20,2026-03-01 09:00,6.8,No,No,Automated scanning,Blocked source IPs + geo filter,Closed
INC-2026-006,Accidental email with customer list to wrong recipient,Data leak,High,Customer data (45 records),DPO,2026-03-12 14:30,User report,Self-report,DPO + SecOps,2026-03-12 14:35,2026-03-12 18:00,3.5,Yes,Yes (BfDI 72h + data subjects),Autocomplete selected wrong address,Enable email send confirmation + DLP (CAPA-2026-005),Closed
INC-2026-007,DDoS on customer portal,DoS,Medium,AST-002,Monitoring,2026-03-20 19:15,Availability monitoring,Synthetic check,SecOps + Vendor,2026-03-20 19:45,2026-03-20 22:30,3.3,No,No,Volumetric attack via vendor,Activated CDN Layer 7 protection,Closed
INC-2026-008,S3 bucket temporarily public after manual change,Misconfiguration,High,AST-012,IT Operations,2026-03-25 10:00,IaC scan,Automated,SecOps,2026-03-25 10:12,2026-03-25 11:00,1.0,No (no sensitive data accessed),No,Engineer bypassed IaC,Reinforce IaC + S3 public access block,Closed
INC-2026-009,Ransomware attempt blocked,Malware,High,AST-006 (1 laptop),EDR,2026-04-02 15:30,EDR,Behavioural detection,SecOps,2026-04-02 15:31,2026-04-03 12:00,20.5,No,No,User opened malicious attachment,Awareness session + attachment filter tuning,Closed
INC-2026-010,Insider - failed access attempt to payroll,Unauthorised access,Medium,AST-017,SIEM,2026-04-08 16:20,SIEM alert,Access log correlation,ISO + HR,2026-04-08 16:30,2026-04-09 10:00,17.7,No,No,Curiosity (not malicious),Reminder of AUP + access review,Closed