📋 Document Version Tracker¶
Track the version, last update, and review status of every document in the repository.
Review Policy: All documents should be reviewed at least annually. Documents marked ⚠️ are due for review.
📍 Getting Started¶
| Document | Version | Last Updated | Status | Next Review |
|---|---|---|---|---|
| SOC 101 | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Quickstart Guide | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Glossary | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| CISO Entry Path | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| SOC Manager Entry Path | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| SOC Analyst Entry Path | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Security Engineer Entry Path | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| IR Engineer Entry Path | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
🏗️ SOC Fundamentals¶
| Document | Version | Last Updated | Status | Next Review |
|---|---|---|---|---|
| SOC Building Roadmap | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Budget & Staffing | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Technology Stack | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Infrastructure Setup | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Use Case Prioritization | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Analyst Training Path | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
🛡️ Incident Response — Core¶
| Document | Version | Last Updated | Status | Next Review |
|---|---|---|---|---|
| IR Framework | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Severity Matrix | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Incident Classification | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Escalation Matrix | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Tier 1 Runbook | 2.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| Tier 2 Runbook | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| Tier 3 Runbook | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| Communication Templates | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Forensic Investigation | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Evidence Collection | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Threat Hunting Playbook | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Interview Guide | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Disaster Recovery / BCP | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| SOAR Playbooks | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Lessons Learned Template | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Playbook Development Guide | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| Tabletop Exercises | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| Purple Team Exercises | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
🛡️ Incident Response — Playbooks (53)¶
| Playbook | Version | Last Updated | Status |
|---|---|---|---|
| PB-01 Phishing → PB-10 Web Attack | 2.8 | 2026-02-16 | ✅ |
| PB-11 Suspicious Script → PB-20 Log Clearing | 2.8 | 2026-02-16 | ✅ |
| PB-21 AWS S3 → PB-25 DNS Tunneling | 2.8 | 2026-02-16 | ✅ |
| PB-26 MFA Bypass → PB-30 API Abuse | 2.8 | 2026-02-16 | ✅ |
| PB-31 Cryptomining → PB-33 OT/ICS | 2.8 | 2026-02-16 | ✅ |
| PB-34 Network Discovery | 2.8 | 2026-02-16 | ✅ |
| PB-35 Data Collection | 2.8 | 2026-02-16 | ✅ |
| PB-36 Credential Dumping → PB-40 USB Removable Media | 2.10 | 2026-02-16 | ✅ |
| PB-41 VPN Abuse → PB-45 Rootkit/Bootkit | 2.10 | 2026-02-16 | ✅ |
| PB-46 SIM Swap → PB-50 Unauthorized Scanning | 2.10 | 2026-02-16 | ✅ |
| PB-51 AI Prompt Injection → PB-53 AI Model Theft | 2.13 | 2026-03-06 | ✅ |
📊 Operations Management¶
| Document | Version | Last Updated | Status | Next Review |
|---|---|---|---|---|
| SOC Team Structure | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| SOC Service Catalog | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Shift Handoff | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| SOC Checklists | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| SOC Metrics & KPIs | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| KPI Dashboard Template | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Log Source Matrix | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Log Source Onboarding | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| SOC Automation Catalog | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Alert Tuning | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| SOC Capacity Planning | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| Network Security Monitoring | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| Cloud Security Monitoring | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| DLP SOP | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| Insider Threat Program | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Threat Intelligence Lifecycle | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| TI Feeds Integration | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Threat Landscape Report | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Detection Rule Testing | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Vulnerability Management | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Third-Party Risk | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| SOC Maturity Assessment | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| SOC Assessment Checklist | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| SLA Template | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Vendor Evaluation | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Data Handling Protocol | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Change Management | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Access Control Policy | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Communication SOP | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
🎯 Testing & Training¶
| Document | Version | Last Updated | Status | Next Review |
|---|---|---|---|---|
| Purple Team Exercise Guide | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Phishing Simulation | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Simulation Guide | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Atomic Test Map | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| SOC Analyst Onboarding | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Analyst Onboarding Path | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Training Checklist | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Thai Compliance Workshop Module | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| System Activation | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
🔍 Detection Engineering¶
| Document | Version | Last Updated | Status | Next Review |
|---|---|---|---|---|
| SOC Use Case Library | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Detection Coverage Matrix | 2.12 | 2026-03-06 | ✅ Current | 2027-03-06 |
🏛️ Compliance¶
| Document | Version | Last Updated | Status | Next Review |
|---|---|---|---|---|
| Compliance Mapping | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| ISO 27001 Controls Mapping | 1.0 | 2026-02-17 | ✅ Current | 2027-02-17 |
| PCI-DSS SOC Requirements | 1.0 | 2026-02-17 | ✅ Current | 2027-02-17 |
| NIST CSF 2.0 Mapping | 1.0 | 2026-02-17 | ✅ Current | 2027-02-17 |
| PDPA Incident Response | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Compliance Gap Analysis | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| PDPA Compliance | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
| Thai Cyber Legal Baseline | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Data Governance Policy | 1.0 | 2026-02-16 | ✅ Current | 2027-02-16 |
📄 Reports & Templates¶
| Document | Version | Last Updated | Status | Next Review |
|---|---|---|---|---|
| Monthly SOC Report | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Quarterly Business Review | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Board Quarterly Decision Pack | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Executive Dashboard | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Incident Report Template | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Shift Handover Template | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Change Request (RFC) | 1.0 | 2026-02-15 | ✅ Current | 2027-02-15 |
| Risk Acceptance Template | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Security Exception Approval | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Incident Decision Log | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Thai Legal Escalation Template | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Investment Justification Template | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Log Source Onboarding Request | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Detection Request Template | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Threat Hunt Request Template | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Executive Reporting Request | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Detection Backlog Prioritization | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Telemetry Backlog Prioritization | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Remediation Backlog Prioritization | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Weekly Detection Review Pack | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Weekly Telemetry Review Pack | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Monthly Remediation Review Pack | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Detection Ownership RACI | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Telemetry Ownership RACI | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Remediation Ownership RACI | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Monthly Governance Review Pack | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Quarterly Risk Acceptance Review Pack | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
| Annual Control Coverage Review Pack | 1.0 | 2026-04-26 | ✅ Current | 2027-04-26 |
📊 Summary¶
| Category | Documents | All Current | Next Review |
|---|---|---|---|
| Getting Started | 8 | ✅ | 2027-04 |
| SOC Fundamentals | 6 | ✅ | 2027-02 |
| Incident Response | 18 + 53 playbooks | ✅ | 2027-03 |
| Operations Management | 29 | ✅ | 2027-04 |
| Testing & Training | 9 | ✅ | 2027-04 |
| Detection Engineering | 2 | ✅ | 2027-04 |
| Compliance | 9 | ✅ | 2027-04 |
| Reports & Templates | 28 | ✅ | 2027-04 |
| Total | 159+ | ✅ 100% | 2027-04 |
Last tracker update: 2026-04-26 | Repository version: 2.24.0