diff --git a/TTPs/SANS/GCIH/504Book1.py b/TTPs/SANS/GCIH/504Book1.py
new file mode 100644
index 0000000..0001c5e
--- /dev/null
+++ b/TTPs/SANS/GCIH/504Book1.py
@@ -0,0 +1,16 @@
+def picerl_overview():
+ """
+ Provides an overview of the PICERL incident response framework.
+ """
+ title = "PICERL Incident Response Framework Overview"
+ content = """
+### PICERL Framework:
+- **Preparation**: Develop and implement incident response policies, procedures, and tools to handle incidents effectively.
+- **Identification**: Detect and verify potential security incidents using monitoring tools and processes.
+- **Containment**: Limit the scope and impact of the incident by isolating affected systems.
+- **Eradication**: Remove the root cause of the incident, including malware, compromised accounts, or vulnerabilities.
+- **Recovery**: Restore affected systems to normal operation and validate that the threat has been neutralized.
+- **Lessons Learned**: Review the incident response process, document findings, and improve future readiness.
+"""
+ resource = "https://www.sans.org/media/score/504-incident-response-cycle.pdf"
+ print_info(title, content, resource)
\ No newline at end of file
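Review bot: `print_info(title, content, resource)` on the last added line is called in a brand-new file that neither defines nor imports `print_info`, so `picerl_overview()` will raise `NameError` the first time it runs; the import belongs at the top of the module, e.g. `from <shared helper module> import print_info` — the diff does not show which module provides it, so confirm the path before merging. The function also throws its data away: the docstring says it "provides an overview", yet title, content and resource only reach the printer, so a caller that wants the text (for a report or a test) has to capture stdout; ending with `return title, content, resource` keeps the print and makes the data reusable. The indentation inside the function appears collapsed to a single space in this view, which would be a syntax error in Python — verify the committed file uses a consistent four-space indent. Minor: the file ends without a trailing newline (`\ No newline at end of file`); add one to keep future diffs clean.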