
Incident & Response

General

Playbooks

Public Playbooks - This repository contains all the Incident Response Playbooks and Workflows of Company's SOC here

SOC

SOC Open Source is a project designed for security analysts and all SOC audiences who want to experiment with an implementation and explore modern SOC architecture here

SOC Open Source lessons explained here

Guide for an Azure Active Directory (AAD) SOC, with plenty of useful cross-links: Azure Active Directory security operations guide here

11 strategies of a world-class cybersecurity SOC here

Roles

A RACI matrix for all SOC roles (by IBM)

soc_roles

Threat Hunting

A collection of tools and other resources for threat hunters here

Learn from incidents

Learning from Cyber Incidents Adapting Aviation Safety Models to Cybersecurity here

Cloud

AWS

A framework that aims to facilitate automated steps for incident response and forensics, based on the AWS Incident Response White Paper here

Cloud threat matrix from MITRE ATT&CK here

Sample of AWS incident response playbooks here

Incident report: From CLI to console, chasing an attacker in AWS. Feedback from Expel on how they detected an AWS attack here

Security logging in an AWS cloud environment here

Great tool to analyze CloudTrail events for AccessDenied errors and explain the reason for each one here

Slides of a post discussing the public catalog of AWS customer security incidents, covering over twenty different public breaches. It walks through the technical details of these attacks, establishes the common root causes, looks at lessons learned, and shows how you can proactively secure your environment against these real-world risks here

Multi-cloud

A guide to ensuring detection is operational and your logs are managed centrally, in real time, at scale, as code and for free here

Vulnerability management

When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a machine-parsable format ("security.txt") to help organizations describe their vulnerability disclosure practices and make it easier for researchers to report vulnerabilities here