We don't often get zero-days of this magnitude. I have never put so much experience and training to the test as I have in this last week. Are there tools/programs you are setting up to take on this challenge? I will be joining a CISSP study group that we are forming in LA. If anyone is interested, let me know; you can participate by Zoom if you are far away. I am looking at taking the test sometime in late 2023.
Take a look at NIST 800-61 or ISO 27035. Both include a lessons-learned / continuous-improvement methodology for post-incident retrospectives. It is very common as a post-mortem activity to justify improvements to your overall response plans.
I always use real events and issues throughout my testing. It also tests your test methodology at the same time: BCP, DR, and especially vulnerabilities. Some of the work is even done for you, including some statistics from the field, but you can go a bit further by testing outside of what may not have occurred or been covered. For example, I had my team search for and ensure that we were not using Log4j within our SaaS services. We were not, but some Amazon services we use were affected. However, the data and potential for escalation presented as very low risk, so to that extent it was still not an issue for us. For testing, I have the team moving forward with expanding our tests to capture the "what if" scenarios: what if we were using this technology, and what if Amazon's services presented a breach or escalation that would have challenged us?
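As an added example (not part of the thread, and not any poster's code), here is the kind of check the "search for Log4j in our services" step above implies: a Python scanner that walks a directory tree, opens JAR/WAR/EAR archives including archives nested inside them, and reports every log4j-core it finds with the version from its pom.properties and whether JndiLookup.class (the class behind the JNDI lookup abused in CVE-2021-44228) is still inside. The sample archives, the `demo()` helper and the fake class bytes are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile
from dataclasses import dataclass

# Markers inside a log4j-core archive. JndiLookup is the class behind the
# JNDI lookup abused in CVE-2021-44228; deleting it from the jar was a widely
# used mitigation, so its presence is reported separately from the version.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    path: str          # archive path relative to the scan root; nested archives joined with "!"
    version: str       # from pom.properties, or "unknown" (e.g. shaded/fat jars)
    jndi_lookup: bool  # True if JndiLookup.class is still inside the archive


def _scan_archive(zf: zipfile.ZipFile, label: str, findings: list) -> None:
    names = set(zf.namelist())
    if POM_PROPS in names or JNDI_LOOKUP in names:
        version = "unknown"
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        findings.append(Finding(label, version, JNDI_LOOKUP in names))
    # Recurse into archives bundled inside this one (fat jars, WEB-INF/lib/*.jar).
    for name in names:
        if name.lower().endswith(ARCHIVE_EXTS):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            _scan_archive(inner, f"{label}!{name}", findings)


def scan_tree(root: str) -> list:
    """Scan every archive under root; result paths are relative to root, sorted."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.lower().endswith(ARCHIVE_EXTS):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(path) as zf:
                    rel = os.path.relpath(path, root).replace(os.sep, "/")
                    _scan_archive(zf, rel, findings)
            except zipfile.BadZipFile:
                continue  # extension says archive, contents say otherwise
    return sorted(findings, key=lambda f: f.path)


def _make_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_tree(root: str) -> None:
    """Write constructed sample archives (fake class bytes, not real log4j) under root."""
    fake_class = b"\xca\xfe\xba\xbe"
    vulnerable = _make_zip({POM_PROPS: b"version=2.14.1\n", JNDI_LOOKUP: fake_class})
    jndi_removed = _make_zip({POM_PROPS: b"version=2.14.1\n"})  # jar after JndiLookup.class was deleted
    unrelated = _make_zip({"com/example/Other.class": fake_class})
    war = _make_zip({"WEB-INF/web.xml": b"<web-app/>",
                     "WEB-INF/lib/log4j-core-2.14.1.jar": vulnerable})
    os.makedirs(os.path.join(root, "lib"), exist_ok=True)
    samples = {"lib/log4j-core-2.14.1.jar": vulnerable,
               "lib/log4j-core-2.14.1-nojndi.jar": jndi_removed,
               "lib/other-lib.jar": unrelated,
               "app.war": war}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


def demo() -> list:
    """Build the constructed sample tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        state = "JndiLookup present" if f.jndi_lookup else "JndiLookup removed"
        print(f"{f.path}: log4j-core {f.version} ({state})")
```

Two caveats a practitioner would want: the scanner only sees archives on disk, so a copy of log4j-core loaded from a system classpath or pulled in at runtime is invisible to it, and it reports a jar whose JndiLookup.class was deleted with `jndi_lookup` False rather than trusting the version string alone. It also cannot answer the second question in the post, whether a third-party provider's services are affected; for those you are limited to the provider's own advisories and your contractual escalation paths.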