Security Monitoring Playbooks


Security monitoring is a very complex activity. Playbooks help to define what to do and what to look for.

Here is how Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy defines them:

Our Playbook is our answer to this complexity. At its heart, it’s a collection of “plays” that each generate a report from some set of data sources. The thing about plays that makes them so useful is that they aren’t just some complex query or code to find bad stuff.

Plays are self-contained, fully documented prescriptive procedures for finding some sort of undesired activity.

By building the documentation into the play we’ve directly coupled the motivation for the play, how it gets analyzed, the specific query for it, and any additional information needed to both run the play and act upon the report results.


  • Create Security Monitoring Playbooks that can be used by the Community


  • Security Professionals
  • SOC specialists


Back to list of all Working Sessions and Tracks

Edit this page here