nis2-agile/docs/nis2/incidente_r01/incident-recovery.html
DevEnv nis2-agile 5c545ea3d0 [FEAT] Integration of docs/nis2 analysis v1.7.0 — asset scoring, incident taxonomy, PIR, NIST CSF, authoritative sources
Phase 1 - NIS2 Asset Relevance Scoring (GV.OC-04): 0-100 methodology with 6 criteria,
  AssetScoringService + scoringGrid/score/relevantSystems endpoints + assets.html UI + printable register.
Phase 2 - Incident taxonomy per ACN Determination 164179/2025: IS-1..4 + essential/important regime (Annexes 3/4).
Phase 3 - Post-Incident Review (5-Whys) + TTD/TTC/TTR metrics + phase timestamps.
Phase 4 - NIST CSF 2.0 mapping (43 controls), reference-only.
Authoritative sources: config/nis2_sources.php registry + AI grounding (forbids invented references) +
  help.js citations + ingestion of regulatory PDFs into the RAG KB (scripts/ingest-nis2-sources.php).
Migrations 020/021/022 (additive, idempotent). Fix VectorService Qdrant IP (drift .5->.3).
Evix competitor analysis (docs/EVIX_ANALISI_CONCORRENZA.html, gap-driven).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 17:15:13 +02:00


<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Service Recovery - INC-2024-047</title>
<style>
:root {
--bg-primary: #0d1117;
--bg-secondary: #161b22;
--bg-tertiary: #1c2128;
--border-color: #30363d;
--text-primary: #c9d1d9;
--text-secondary: #8b949e;
--accent-primary: #58a6ff;
--success: #3fb950;
--warning: #d29922;
--danger: #f85149;
}
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Noto Sans', Helvetica, Arial, sans-serif;
background-color: var(--bg-primary);
color: var(--text-primary);
line-height: 1.6;
overflow-y: auto;
}
.container {
max-width: 1400px;
margin: 0 auto;
padding: 20px;
}
.header {
background-color: var(--bg-secondary);
border-bottom: 1px solid var(--border-color);
padding: 24px 0;
margin-bottom: 32px;
position: sticky;
top: 0;
z-index: 100;
}
.header-content {
max-width: 1400px;
margin: 0 auto;
padding: 0 20px;
display: flex;
justify-content: space-between;
align-items: center;
}
.header h1 {
font-size: 24px;
font-weight: 600;
color: var(--text-primary);
}
.breadcrumb {
font-size: 13px;
color: var(--text-secondary);
margin-top: 4px;
}
.breadcrumb a {
color: var(--accent-primary);
text-decoration: none;
}
.btn {
padding: 8px 16px;
background-color: var(--bg-tertiary);
border: 1px solid var(--border-color);
border-radius: 6px;
color: var(--text-primary);
font-size: 13px;
font-weight: 500;
cursor: pointer;
transition: all 0.2s;
text-decoration: none;
}
.btn:hover {
border-color: var(--accent-primary);
}
.btn-success {
background-color: var(--success);
border-color: var(--success);
color: white;
}
.btn-success:hover {
background-color: #2ea043;
}
.alert-box {
background-color: rgba(88, 166, 255, 0.1);
border: 1px solid var(--accent-primary);
border-left: 4px solid var(--accent-primary);
border-radius: 6px;
padding: 20px;
margin-bottom: 24px;
}
.alert-title {
font-weight: 600;
margin-bottom: 8px;
font-size: 15px;
}
.alert-content {
font-size: 13px;
color: var(--text-secondary);
line-height: 1.6;
}
.section {
background-color: var(--bg-secondary);
border: 1px solid var(--border-color);
border-radius: 6px;
padding: 24px;
margin-bottom: 24px;
}
.section-title {
font-size: 18px;
font-weight: 600;
color: var(--text-primary);
margin-bottom: 20px;
padding-bottom: 12px;
border-bottom: 1px solid var(--border-color);
}
.checklist {
list-style: none;
}
.checklist li {
padding: 12px;
background-color: var(--bg-tertiary);
border: 1px solid var(--border-color);
border-radius: 4px;
margin-bottom: 8px;
display: flex;
align-items: center;
gap: 12px;
}
.checklist input[type="checkbox"] {
width: 20px;
height: 20px;
cursor: pointer;
}
.checklist li.completed {
background-color: rgba(63, 185, 80, 0.1);
border-color: var(--success);
}
.priority-badge {
display: inline-block;
padding: 4px 8px;
border-radius: 3px;
font-size: 11px;
font-weight: 700;
text-transform: uppercase;
}
.priority-1 {
background-color: rgba(248, 81, 73, 0.2);
color: var(--danger);
border: 1px solid var(--danger);
}
.priority-2 {
background-color: rgba(210, 153, 34, 0.2);
color: var(--warning);
border: 1px solid var(--warning);
}
.data-table {
width: 100%;
border-collapse: collapse;
font-size: 13px;
}
.data-table th {
background-color: var(--bg-tertiary);
color: var(--text-secondary);
font-weight: 600;
text-align: left;
padding: 10px 12px;
border: 1px solid var(--border-color);
font-size: 11px;
text-transform: uppercase;
}
.data-table td {
padding: 10px 12px;
border: 1px solid var(--border-color);
color: var(--text-primary);
}
.data-table tr:hover {
background-color: var(--bg-tertiary);
}
</style>
</head>
<body>
<div class="header">
<div class="header-content">
<div>
<h1>🔄 Service Recovery - INC-2024-047</h1>
<div class="breadcrumb">
<a href="dashboard.html">NIS2 Dashboard</a> /
<a href="incident-dashboard.html">Incident Management</a> /
<a href="incident-detail.html?id=INC-2024-047">INC-2024-047</a> /
Recovery
</div>
</div>
<a href="incident-detail.html?id=INC-2024-047" class="btn">← Back to Incident</a>
</div>
</div>
<div class="container">
<div class="alert-box">
<div class="alert-title">Recovery Process (RC.RP-01)</div>
<div class="alert-content">
Services are restored gradually, in BIA priority order. Each system must be verified for integrity,
functionality and security before it returns to production. Intensive post-recovery monitoring runs for 72 hours.
</div>
</div>
<!-- Recovery Priority -->
<div class="section">
<div class="section-title">Recovery Priority (per BIA Org.08)</div>
<table class="data-table">
<thead>
<tr>
<th>Priority</th>
<th>System/Service</th>
<th>Declared RTO</th>
<th>Status</th>
<th>Recovery ETA</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<tr>
<td><span class="priority-badge priority-1">P1 - Critical</span></td>
<td><strong>Server ERP-PROD-01</strong><br>Main business management system</td>
<td>≤4h</td>
<td><span style="color: var(--warning);">🔄 Recovery in progress</span></td>
<td>2024-03-08 14:00</td>
<td><button class="btn" onclick="viewRecoveryDetails('erp')">Details</button></td>
</tr>
<tr>
<td><span class="priority-badge priority-1">P1 - Critical</span></td>
<td><strong>SAP ERP Application</strong><br>Business management software</td>
<td>≤4h</td>
<td><span style="color: var(--text-secondary);">⏸️ Waiting for server</span></td>
<td>2024-03-08 16:00</td>
<td><button class="btn" disabled>Waiting</button></td>
</tr>
</tbody>
</table>
</div>
<!-- Recovery Checklist -->
<div class="section">
<div class="section-title">Recovery Checklist for Server ERP-PROD-01</div>
<h3 style="font-size: 16px; font-weight: 600; margin-bottom: 16px; color: var(--text-primary);">1. Pre-Recovery Assessment</h3>
<ul class="checklist">
<li class="completed">
<input type="checkbox" checked disabled>
<span>Threat fully removed and eradicated</span>
</li>
<li class="completed">
<input type="checkbox" checked disabled>
<span>No residual indicators of compromise</span>
</li>
<li class="completed">
<input type="checkbox" checked disabled>
<span>Backup verified and intact (hashes match)</span>
</li>
<li class="completed">
<input type="checkbox" checked disabled>
<span>Recovery strategy defined: restore from immutable backup</span>
</li>
</ul>
<h3 style="font-size: 16px; font-weight: 600; margin: 24px 0 16px; color: var(--text-primary);">2. System Restore</h3>
<ul class="checklist">
<li class="completed">
<input type="checkbox" checked disabled>
<span>Restore from immutable backup started (2024-03-07 10:00)</span>
</li>
<li class="completed">
<input type="checkbox" checked disabled>
<span>Operating system restored and verified</span>
</li>
<li>
<input type="checkbox" id="check1" onchange="updateProgress()">
<span>ERP application restored and configured</span>
</li>
<li>
<input type="checkbox" id="check2" onchange="updateProgress()">
<span>Database restored and integrity verified</span>
</li>
<li>
<input type="checkbox" id="check3" onchange="updateProgress()">
<span>Security patches applied (latest updates)</span>
</li>
<li>
<input type="checkbox" id="check4" onchange="updateProgress()">
<span>Hardening configuration applied (CIS baseline)</span>
</li>
</ul>
<h3 style="font-size: 16px; font-weight: 600; margin: 24px 0 16px; color: var(--text-primary);">3. Integrity and Security Verification</h3>
<ul class="checklist">
<li>
<input type="checkbox" id="check5" onchange="updateProgress()">
<span>Data integrity verified (checksums compared against the backup)</span>
</li>
<li>
<input type="checkbox" id="check6" onchange="updateProgress()">
<span>Application functional tests completed successfully</span>
</li>
<li>
<input type="checkbox" id="check7" onchange="updateProgress()">
<span>Full antimalware scan (no threats detected)</span>
</li>
<li>
<input type="checkbox" id="check8" onchange="updateProgress()">
<span>Absence of residual IoCs verified</span>
</li>
<li>
<input type="checkbox" id="check9" onchange="updateProgress()">
<span>EDR configuration verified and active</span>
</li>
<li>
<input type="checkbox" id="check10" onchange="updateProgress()">
<span>Logging active and integrated with the SIEM</span>
</li>
</ul>
<h3 style="font-size: 16px; font-weight: 600; margin: 24px 0 16px; color: var(--text-primary);">4. Access Restoration</h3>
<ul class="checklist">
<li>
<input type="checkbox" id="check11" onchange="updateProgress()">
<span>Credentials reset for all potentially compromised accounts</span>
</li>
<li>
<input type="checkbox" id="check12" onchange="updateProgress()">
<span>MFA verified and working for all admin accounts</span>
</li>
<li>
<input type="checkbox" id="check13" onchange="updateProgress()">
<span>Access re-enabled gradually by role (admin → power user → user)</span>
</li>
<li>
<input type="checkbox" id="check14" onchange="updateProgress()">
<span>Post-recovery access monitoring enabled</span>
</li>
</ul>
<h3 style="font-size: 16px; font-weight: 600; margin: 24px 0 16px; color: var(--text-primary);">5. Connectivity Restoration</h3>
<ul class="checklist">
<li>
<input type="checkbox" id="check15" onchange="updateProgress()">
<span>Firewall rules updated (C2 IPs permanently blocked)</span>
</li>
<li>
<input type="checkbox" id="check16" onchange="updateProgress()">
<span>Network segmentation verified</span>
</li>
<li>
<input type="checkbox" id="check17" onchange="updateProgress()">
<span>End-to-end connectivity tests completed</span>
</li>
<li>
<input type="checkbox" id="check18" onchange="updateProgress()">
<span>Anomalous traffic monitoring active</span>
</li>
</ul>
<h3 style="font-size: 16px; font-weight: 600; margin: 24px 0 16px; color: var(--text-primary);">6. Final Validation</h3>
<ul class="checklist">
<li>
<input type="checkbox" id="check19" onchange="updateProgress()">
<span>Technical sign-off: Incident Response Team</span>
</li>
<li>
<input type="checkbox" id="check20" onchange="updateProgress()">
<span>Business sign-off: Division Head</span>
</li>
<li>
<input type="checkbox" id="check21" onchange="updateProgress()">
<span>Security sign-off: CISO</span>
</li>
<li>
<input type="checkbox" id="check22" onchange="updateProgress()">
<span>Declaration of completed recovery</span>
</li>
</ul>
<div style="margin-top: 24px; padding: 20px; background: var(--bg-tertiary); border-radius: 6px; display: flex; justify-content: space-between; align-items: center;">
<div>
<div style="font-size: 13px; color: var(--text-secondary); margin-bottom: 8px;">Recovery Progress</div>
<div style="font-size: 24px; font-weight: 700; color: var(--text-primary);" id="progressText">9%</div>
</div>
<button class="btn btn-success" onclick="completeRecovery()" id="completeBtn" disabled style="opacity: 0.5;">
✅ Complete Recovery
</button>
</div>
</div>
<!-- Post-Recovery Monitoring -->
<div class="section">
<div class="section-title">Post-Recovery Monitoring Plan</div>
<div style="background: var(--bg-tertiary); padding: 16px; border-radius: 6px; margin-bottom: 16px;">
<h4 style="font-size: 14px; font-weight: 600; color: var(--text-primary); margin-bottom: 12px;">
📊 Intensive Monitoring (72 hours)
</h4>
<ul style="font-size: 13px; color: var(--text-secondary); line-height: 1.8; margin-left: 20px;">
<li>Continuous 24/7 monitoring by the SOC</li>
<li>Lowered alerting thresholds (higher sensitivity)</li>
<li>Targeted threat hunting every 8 hours</li>
<li>Daily system status report</li>
<li>File system integrity check every 12 hours</li>
</ul>
</div>
<div style="background: var(--bg-tertiary); padding: 16px; border-radius: 6px; margin-bottom: 16px;">
<h4 style="font-size: 14px; font-weight: 600; color: var(--text-primary); margin-bottom: 12px;">
📈 Elevated Monitoring (30 days)
</h4>
<ul style="font-size: 13px; color: var(--text-secondary); line-height: 1.8; margin-left: 20px;">
<li>Continuous monitoring at high priority</li>
<li>Weekly threat hunting</li>
<li>Weekly report to the CISO</li>
<li>Periodic IoC checks</li>
<li>Behavioural analysis of users and processes</li>
</ul>
</div>
<table class="data-table">
<thead>
<tr>
<th>Metric</th>
<th>Pre-Incident Baseline</th>
<th>Post-Recovery Target</th>
<th>Check Frequency</th>
</tr>
</thead>
<tbody>
<tr>
<td>CPU Usage</td>
<td>45-60%</td>
<td>45-60% (±5%)</td>
<td>Every 5 minutes</td>
</tr>
<tr>
<td>Memory Usage</td>
<td>70-75%</td>
<td>70-75% (±5%)</td>
<td>Every 5 minutes</td>
</tr>
<tr>
<td>Network Traffic</td>
<td>2-5 Gbps</td>
<td>2-5 Gbps</td>
<td>Continuous</td>
</tr>
<tr>
<td>Failed Login Attempts</td>
<td>&lt;5/hour</td>
<td>&lt;3/hour</td>
<td>Real-time</td>
</tr>
<tr>
<td>Anomalous Processes</td>
<td>0</td>
<td>0</td>
<td>Every 15 minutes</td>
</tr>
<tr>
<td>Suspicious External Connections</td>
<td>0</td>
<td>0</td>
<td>Real-time</td>
</tr>
</tbody>
</table>
</div>
<!-- Recovery Communications -->
<div class="section">
<div class="section-title">Recovery Completion Communications</div>
<div style="background: var(--bg-tertiary); padding: 16px; border-radius: 6px; margin-bottom: 16px;">
<h4 style="font-size: 14px; font-weight: 600; color: var(--text-primary); margin-bottom: 12px;">
📧 Internal Communication Template
</h4>
<div style="font-size: 13px; color: var(--text-secondary); line-height: 1.8; font-family: monospace; background: var(--bg-primary); padding: 12px; border-radius: 4px;">
<strong>Subject:</strong> ERP Service Recovery Completed<br><br>
Dear colleagues,<br><br>
We would like to inform you that the ERP service has been fully restored and
is operational again as of [DATE/TIME].<br><br>
<strong>Actions required from users:</strong><br>
• Reset your password at first login<br>
• Verify that MFA is enabled<br>
• Report any anomalous behaviour immediately<br><br>
The system is under intensive monitoring for the next 72 hours.<br><br>
For any issue, contact the helpdesk.<br><br>
Thank you for your cooperation.<br>
IT Security Team
</div>
</div>
<div style="background: var(--bg-tertiary); padding: 16px; border-radius: 6px;">
<h4 style="font-size: 14px; font-weight: 600; color: var(--text-primary); margin-bottom: 12px;">
📡 CSIRT Italia Update
</h4>
<div style="font-size: 13px; color: var(--text-secondary); line-height: 1.8;">
Update the CSIRT notification with information on the completed recovery:
<ul style="margin-left: 20px; margin-top: 8px;">
<li>Date/time recovery completed</li>
<li>Services restored</li>
<li>Actual total downtime vs RTO</li>
<li>Hardening measures applied</li>
<li>Post-recovery monitoring plan</li>
</ul>
</div>
</div>
</div>
</div>
<script>
function updateProgress() {
// Count every checklist item, including the six pre-checked (disabled) ones,
// so the total cannot drift from the markup.
const boxes = document.querySelectorAll('.checklist input[type="checkbox"]');
const total = boxes.length;
let checked = 0;
boxes.forEach((checkbox) => {
if (checkbox.checked) {
checked++;
}
checkbox.parentElement.classList.toggle('completed', checkbox.checked);
});
const percentage = total ? Math.round((checked / total) * 100) : 0;
document.getElementById('progressText').textContent = percentage + '%';
const completeBtn = document.getElementById('completeBtn');
// Enable completion only when every item, sign-offs included, is checked.
// Comparing counts keeps a rounded percentage from unlocking the button early.
const allDone = total > 0 && checked === total;
completeBtn.disabled = !allDone;
completeBtn.style.opacity = allDone ? '1' : '0.5';
}
function completeRecovery() {
const tooltip = document.createElement('div');
tooltip.style.cssText = `
position: fixed;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
background: var(--bg-secondary);
border: 2px solid var(--success);
border-radius: 8px;
padding: 32px;
box-shadow: 0 8px 24px rgba(0,0,0,0.5);
z-index: 10000;
max-width: 600px;
text-align: center;
`;
tooltip.innerHTML = `
<div style="font-size: 48px; margin-bottom: 16px;">✅</div>
<h2 style="color: var(--success); margin-bottom: 16px;">Recovery Completed Successfully</h2>
<div style="background: var(--bg-tertiary); padding: 20px; border-radius: 6px; margin-bottom: 24px; text-align: left;">
<p style="font-size: 13px; color: var(--text-secondary); margin-bottom: 12px;"><strong>Recovery Summary:</strong></p>
<table style="width: 100%; font-size: 13px; color: var(--text-secondary);">
<tr>
<td><strong>System:</strong></td>
<td>ERP-PROD-01</td>
</tr>
<tr>
<td><strong>Recovery date:</strong></td>
<td>${new Date().toLocaleString('it-IT')}</td>
</tr>
<tr>
<td><strong>Total downtime:</strong></td>
<td>30h 15m</td>
</tr>
<tr>
<td><strong>Declared RTO:</strong></td>
<td>≤48h</td>
</tr>
<tr>
<td><strong>RTO compliance:</strong></td>
<td style="color: var(--success); font-weight: 600;">✅ Met</td>
</tr>
<tr>
<td><strong>TTR (Time to Recover):</strong></td>
<td>30.25h</td>
</tr>
</table>
<p style="font-size: 13px; color: var(--text-secondary); margin-top: 16px;">
<strong>Status:</strong> System operational, intensive monitoring active for 72 hours.
</p>
</div>
<div style="background: var(--bg-tertiary); padding: 16px; border-radius: 6px; margin-bottom: 24px; text-align: left;">
<p style="font-size: 13px; color: var(--text-secondary); margin-bottom: 12px;"><strong>Next steps:</strong></p>
<ul style="font-size: 13px; color: var(--text-secondary); margin-left: 20px;">
<li>User communication sent</li>
<li>CSIRT notification update</li>
<li>72h intensive monitoring started</li>
<li>Post-Incident Review scheduling</li>
</ul>
</div>
<div style="display: flex; gap: 12px;">
<button onclick="window.location.href='incident-detail.html?id=INC-2024-047'" style="flex: 1; padding: 12px; background: var(--bg-tertiary); border: 1px solid var(--border-color); border-radius: 6px; color: var(--text-primary); font-weight: 600; cursor: pointer;">
Back to Incident
</button>
<button onclick="window.location.href='incident-pir.html?id=INC-2024-047'" style="flex: 1; padding: 12px; background: var(--accent-primary); border: none; border-radius: 6px; color: white; font-weight: 600; cursor: pointer;">
Start Post-Incident Review
</button>
</div>
`;
document.body.appendChild(tooltip);
}
function viewRecoveryDetails(system) {
alert('Recovery process details for: ' + system);
}
// Initialise progress
window.addEventListener('DOMContentLoaded', updateProgress);
</script>
</body>
</html>
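
The completion dialog above prints downtime, TTR and RTO compliance as fixed strings, and shows a declared RTO of ≤48h where the priority table gives ≤4h for the same server. The JavaScript below is an added example, not code from the nis2-agile repository, that derives those figures and the completion gate from data instead; the function names, the `pre1`..`pre6` ids and the outage timestamps are assumptions constructed for illustration.

```javascript
// Added example, not part of the repository file; every name here is hypothetical.

// Convert an RTO label written as on the page ("≤4h", "≤48h") into hours.
function parseRtoHours(label) {
  const m = /^\s*(?:≤|<=?)?\s*(\d+(?:\.\d+)?)\s*h\s*$/i.exec(label);
  if (!m) throw new Error('Unrecognised RTO label: ' + label);
  return Number(m[1]);
}

// Hours between outage start and service restoration (ISO-8601 inputs).
function downtimeHours(outageStartIso, restoredIso) {
  const start = Date.parse(outageStartIso);
  const end = Date.parse(restoredIso);
  if (Number.isNaN(start) || Number.isNaN(end)) throw new Error('Invalid timestamp');
  if (end < start) throw new Error('Restoration precedes outage start');
  return (end - start) / 3600000;
}

// Render fractional hours as "30h 15m", the format used in the dialog.
function formatDowntime(hours) {
  const minutes = Math.round(hours * 60);
  return Math.floor(minutes / 60) + 'h ' + (minutes % 60) + 'm';
}

// items: [{ id, done }]. Completion needs every item; RTO compliance is computed.
function evaluateRecovery(items, rtoLabel, outageStartIso, restoredIso) {
  if (items.length === 0) throw new Error('Empty checklist');
  const pending = items.filter((i) => !i.done).map((i) => i.id);
  const ttrHours = downtimeHours(outageStartIso, restoredIso);
  const rtoHours = parseRtoHours(rtoLabel);
  return {
    progress: Math.round(((items.length - pending.length) / items.length) * 100),
    pending,
    canComplete: pending.length === 0,
    ttrHours,
    downtime: formatDowntime(ttrHours),
    rtoHours,
    rtoMet: ttrHours <= rtoHours,
  };
}

// Constructed checklist mirroring the page: 6 pre-checked items plus check1..check22.
function buildChecklist(checkedIds) {
  const items = [];
  for (let i = 1; i <= 6; i++) items.push({ id: 'pre' + i, done: true });
  for (let i = 1; i <= 22; i++) {
    items.push({ id: 'check' + i, done: checkedIds.includes('check' + i) });
  }
  return items;
}

// Constructed timestamps, chosen to reproduce the dialog's 30h 15m of downtime.
const OUTAGE_START = '2024-03-07T07:45:00Z';
const RESTORED = '2024-03-08T14:00:00Z';
// Everything checked except the four final-validation items (check19..check22).
const allButSignOffs = Array.from({ length: 18 }, (_, i) => 'check' + (i + 1));
const result = evaluateRecovery(buildChecklist(allButSignOffs), '≤4h', OUTAGE_START, RESTORED);
console.log(result);
```

With the sign-offs still open the gate stays closed, and against the table's ≤4h the same 30h 15m outage reports the RTO as missed.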