Take a look at NIST 800-61 or ISO 27035. Both include lessons learned / continuous improvement methodology for post incident retrospectives. Very common as a post mortem activity to justify improvements to your overall response plans.
I always use real events and issues through my testing. It also tests your test methodology at the same time. BCP, DR, and especially vulnerabilities. Some of the work is even done for you, including some statistics from the field, but you can go a bit further with testing the outside of what may not have occurred or been covered. For example, I had my team search for and ensure that we were not using Log4j within our SaaS services. We were not but some Amazon services we use were affected. However, the data and potential for escalation presented as very low risk so to that extent, it was still not an issue for us. For testing, I have the team moving forward with expanding our tests to capture the "what if" scenarios we were using this technology and what if Amazon's services presented a breach or escalation that have challenged us.