Security Monitoring Playbooks


Security monitoring is a very complex activity, but Playbooks can help to define what to do and what to look for.

Here is how the article “Using a Playbook Model to Organize Your Information Security Monitoring Strategy” defines Playbooks:

Our Playbook is our answer to this complexity. At its heart, it’s a collection of “plays” that each generate a report from some set of data sources. The thing about plays that makes them so useful is that they aren’t just some complex query or code to find bad stuff.

Plays are self-contained, fully documented prescriptive procedures for finding some sort of undesired activity.

By building the documentation into the play we’ve directly coupled the motivation for the play, how it gets analyzed, the specific query for it, and any additional information needed to both run the play and act upon the report results.
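As an added illustration of the play model in the quotation above (this is example code, not from the article or from this Working Session), the Python below bundles a play's objective, data sources, query and analyst notes into one object and runs it over constructed sshd log lines to produce the report; the play name, the field names and the three-failure threshold are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable

# Constructed sample sshd lines (not real data): three failures then a success for alice, one failure for bob.
SAMPLE_AUTH_LOG = [
    "Jan 10 09:00:01 host1 sshd[101]: Failed password for alice from 203.0.113.7 port 5001 ssh2",
    "Jan 10 09:00:05 host1 sshd[101]: Failed password for alice from 203.0.113.7 port 5002 ssh2",
    "Jan 10 09:00:09 host1 sshd[101]: Failed password for alice from 203.0.113.7 port 5003 ssh2",
    "Jan 10 09:00:14 host1 sshd[102]: Accepted password for alice from 203.0.113.7 port 5004 ssh2",
    "Jan 10 09:01:00 host1 sshd[103]: Failed password for bob from 198.51.100.9 port 6001 ssh2",
]
LINE_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")

@dataclass
class Play:
    """A self-contained play: motivation, data sources, query and triage notes kept together."""
    name: str
    objective: str            # why the play exists
    data_sources: list        # where the query is meant to run
    query: Callable           # the detection logic, a function over log records
    analyst_notes: str        # how to act on the report

    def run(self, records):
        """Generate the play's report: the documentation plus the query's hits."""
        return {"play": self.name, "objective": self.objective,
                "data_sources": self.data_sources, "hits": self.query(records),
                "analyst_notes": self.analyst_notes}

def failed_then_success(records, threshold=3):
    """Hits: (user, source) pairs with >= threshold failures before an accepted login."""
    failures, hits = {}, []
    for line in records:
        m = LINE_RE.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        if outcome == "Failed":
            failures[(user, src)] = failures.get((user, src), 0) + 1
        elif failures.get((user, src), 0) >= threshold:
            hits.append({"user": user, "source": src, "failures": failures[(user, src)]})
    return hits

SSH_GUESSING_PLAY = Play(
    name="ssh-failed-then-success",
    objective="Find password guessing against sshd that ended in a successful login",
    data_sources=["linux auth logs (sshd)"],
    query=failed_then_success,
    analyst_notes="Confirm with the user; review commands, new keys and sudo use after the login",
)
```

Calling `SSH_GUESSING_PLAY.run(SAMPLE_AUTH_LOG)` returns the report with one hit for alice from 203.0.113.7; the objective and analyst notes travel with it, as the quotation describes.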

The Working Session will create Security Monitoring Playbooks.

  • Create Security Monitoring Playbooks for use by the Community

  • Security Monitoring Playbooks


The target audience for this Working Session is:

  • Security professionals
  • SOC specialists


Working materials

Here are the current ‘work in progress’ materials for this session
(please add as much information as possible before the session).


…add content…
