soc-operations

SOC Operations — Building and Running a Security Operations Center

This skill is the operations layer above siem-detection (engineering the rules) and incident-triage (responding to confirmed incidents). It covers the people and process of running 24/7 alert triage: alert prioritization, runbook authoring, escalation, on-call hygiene, mean time to detect and respond (MTTD / MTTR), and the slow drift toward alert fatigue that kills SOCs.

Three modes:

  • Build — designing a SOC from scratch (small org standing up its first IR capability, or MSSP onboarding)
  • Run — daily operations for an existing SOC
  • Improve — analyzing an existing SOC's metrics and fixing the broken parts

Cross-references: siem-detection (the rules that feed alerts to the SOC), incident-triage (the playbook for confirmed incidents), threat-hunting (proactive work between alert triage), breach-patterns (what attacks the SOC should be ready for).

Mode 1 — Build a SOC

Decision: in-house, MSSP, or hybrid?

Installs: 51 · GitHub Stars: 274 · First Seen: May 27, 2026
soc-operations — briiirussell/cybersecurity-skills