SOaC Packages
Each package bundles detections, playbooks, policies, and lab scenarios for a specific threat domain. All code is free on GitHub. Downloads are for convenience and lab integration.
How packages map to GitHub: The GitHub repository is the source of truth for all SOaC artifacts. This portal mirrors the packages for discovery, lab demos, and gated convenience downloads. Every package card links directly to its source in the repo.
Identity-led Intrusion Defense (pkg-001)
Detect and contain AitM phishing, session hijacking, and identity-based attacks across Okta, Entra ID, and Azure AD.

Ransomware Containment & Response (pkg-002)
Automated host isolation, process killing, forensic snapshot capture, and SOC notification for ransomware events.

Supply Chain & npm Compromise (pkg-003)
Detect and respond to malicious npm packages, dependency confusion, and software supply chain attacks like Shai-Hulud.

BYOVD & Kernel Exploit Defense (pkg-004)
Detect Bring Your Own Vulnerable Driver attacks and kernel-level exploitation used by advanced ransomware operators.

SEO Poisoning & Gootloader Defense (pkg-005)
Detect and contain SEO poisoning campaigns and Gootloader malware delivery via compromised websites.