analyst@soc-hub:~$ cat README.md

// About SOC Analyst Hub

A community resource for security operations professionals focused on practical, actionable detection engineering content. From SIEM rule writing to advanced threat hunting, we cover the tradecraft that matters.

Empowering Detection Engineers and SOC Analysts

The SOC Analyst Hub exists because the gap between "knowing an attack happened" and "having a detection rule that catches it" is still too wide for most teams. We bridge that gap with deeply practical content written by practitioners for practitioners.

We don't do vendor press releases or surface-level explainers. Every article on this site is written to help you build or improve a detection, execute a hunt, or choose a tool that actually fits your environment.

  • 01 Practical Over Theoretical
    Every guide includes real detection logic — Sigma rules, KQL queries, Splunk SPL, or VQL — that you can adapt and deploy today.

  • 02 MITRE ATT&CK Aligned
    Content is mapped to MITRE ATT&CK techniques so you can understand coverage gaps and prioritize detection investments against real adversary behavior.

  • 03 Adversary-Emulation Tested
    Detection guidance is developed against actual tooling — Mimikatz, CobaltStrike, Impacket, and open-source red team frameworks — not hypothetical threat models.

  • 04 Vendor-Neutral
    Detection logic is expressed in portable formats (Sigma, pseudocode) first, with platform-specific translations where helpful. We don't favor any SIEM vendor.

What's In the Hub

A growing library of detection engineering resources, organized by type and mapped to adversary techniques.

7 Total Articles
4 Detection Guides
2 Hunt Playbooks
3 MITRE-Mapped

How Content Is Organized

Content is tagged by type to help you find what you need quickly.

Detection Guide

Step-by-step guides for building detections around specific techniques. Includes log sources, detection logic, tuning advice, and false positive analysis.

Hunt Playbook

Structured hunting procedures for uncovering threats that evade alerting. Hypothesis-driven, with specific queries and pivot points for each phase.

Tool Review

Hands-on evaluations of detection, hunting, and forensics tools from an analyst's perspective — setup, key features, realistic use cases, and limitations.

Technique Analysis

Deep dives into how specific adversary techniques work at the OS and network level, providing the understanding needed to build better detections.

// get started

Start Reading

Browse our detection guides and hunt playbooks, or subscribe to the RSS feed to get new content as it's published.