This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that make use of the Security Playbook extension and MISP Security Playbook objects.

These playbooks serve as drafts and starting points for initial triage. They are not intended to be final, out-of-the-box solutions but should be adapted to fit the specific practices, procedures, and workflows of the Security Operations Center (SOC) using them.

This is the workbench for designing and updating the "security-playbook" object template for the MISP project - https://github.com/MISP/misp-objects/blob/main/objects/security-playbook/definition.json

A base schema for capturing workflow execution status data - SOAR

Security Playbooks is a collection of MITRE ATT&CK-based attack scenarios, detection rules (Sigma, YARA, Suricata), PoC scripts, and hands-on lab walkthroughs for cybersecurity professionals and SOC analysts.

An interactive web application that generates comprehensive security playbooks for mitigating the OWASP Top 10 vulnerabilities specific to Large Language Model (LLM) applications. The application consists of a Flask backend that leverages the OpenAI API to generate detailed playbooks, paired with a simple HTML/JavaScript frontend.

Incident response playbooks and templates for real-world security scenarios