
SecOps is a living repository for security operations workflows, baseline investigation logic, and modular SOC playbooks. It documents repeatable, audit-defensible approaches to alert triage, threat analysis, and response decision-making, and also serves as a central location for KQL queries, detection logic, and operational security research.


mbaker-wv/secops


SecOps Playbooks

This repository contains a baseline SOC investigation flow and modular security operations playbooks designed for repeatable, audit-defensible incident analysis.

Contents

  • Baseline SOC flow
  • Playbook routing logic
  • Playbooks
    • Phishing
    • Identity high-risk sign-ins
    • C2 analysis
    • Ransomware / malware
    • Application and data compromise

All diagrams are written in Markdown using Mermaid.
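As an added illustration in that same format (this diagram is not from the repository; the branch labels and decision criteria are assumed for the example and are not the repository's own routing logic), here is how a baseline flow can dispatch a validated alert to one of the playbooks listed above, with the false-positive close-out and the containment decision recorded so the path taken is defensible in an audit:

```mermaid
flowchart TD
    A[Alert received] --> B{Validated as true positive?}
    B -- No --> C[Close as false positive and record rationale]
    B -- Yes --> D{Alert category}
    D -- Malicious email, URL or attachment --> E[Phishing playbook]
    D -- Risky sign-in or MFA anomaly --> F[Identity high-risk sign-in playbook]
    D -- Beaconing or suspicious outbound traffic --> G[C2 analysis playbook]
    D -- Mass encryption or known malware --> H[Ransomware / malware playbook]
    D -- Abnormal data access or app abuse --> I[Application and data compromise playbook]
    E --> J{Containment required?}
    F --> J
    G --> J
    H --> J
    I --> J
    J -- Yes --> K[Contain, then escalate to incident response]
    J -- No --> L[Monitor and document decision]
    K --> M[Record evidence, timeline and decision points]
    L --> M
    C --> M
```

Every branch ends at the same evidence and decision record, which is what makes the investigation repeatable: two analysts handling the same alert should land on the same playbook and leave the same paper trail.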

Author

Michael Baker
Cybersecurity Manager

Developed from real-world SOC operations to support repeatable, audit-defensible security investigations. (Last updated 12/2025)
