- Create detection-rules/ directory structure
- Add Splunk queries for brute force detection
- Add Sigma rules for PowerShell technique
- Add KQL queries for phishing indicators
- Create detection-rules README with usage guide
- Expand MITRE ATT&CK techniques to 5+ common techniques
- Add T1566 (Phishing) technique document
- Add T1021 (Lateral Movement) technique document
- Add T1486 (Data Encrypted for Impact) technique document
- Create MITRE coverage matrix
- Create forensics/ directory
- Add memory analysis walkthrough
- Add disk forensics methodology
- Add timeline analysis guide
- Create threat-intelligence/ directory
- Add IOC enrichment workflow
- Add threat feed integration guide
- Add STIX/TAXII basics document
- Create templates/ directory
- Add executive incident summary template
- Add user notification template
- Add stakeholder update format
- Create compliance/ directory
- Add evidence handling guide
- Add chain of custody procedures
- Add GDPR/compliance considerations
- Update brute-force-login.md with detection rules
- Update playbook_ransomware.md with decision trees
- Update phishing_walkthrough.md with header analysis
- Update T1059.001_PowerShell.md with logging config
- Update risk_register with residual risk calculations
- Add SOC metrics documentation
- Create KPI calculation examples
- Add MTTD/MTTR tracking guide
- Minimum 10 MITRE ATT&CK techniques documented
- Detection rules for all techniques
- Complete communication template suite
- Forensics section with 3+ guides
- Compliance documentation added
- Phase 1-2: Week 1
- Phase 3-4: Week 2
- Phase 5-6: Week 3
- Phase 7-8: Week 4
Last Updated: 2026-01-28
Status: In Progress