Mastodawn

https://blog.securityonion.net/2025/06/security-onion-24160-now-available.html

Security Onion 2.4.160 now available including Playbooks, Guided Analysis, MCP Server, and more!

https://chrissanders.org/2025/06/human-centered-playbooks/

Shoutout to @chrissanders88 for his work on the Human-Centered Investigation Playbook standard!

https://chrissanders.org/hcip/Human-Centered%20Playbook%20Standard%20v1.0.pdf

Playbooks don't replace or restrict analysts; however, they can help them perform more thorough investigations. Creating and using them also serves as an excellent learning tool. I hope this standard and its adoption will help folks along that path. #SOC #DFIR

Analysts derive playbooks through inductive reasoning processes. The process is often as valuable as the result. We needed a way to express those cleanly and effectively, supporting analyst cognition.

Analysts encounter common scenarios (cues) across diverse investigations based on the evidence they encounter and their forecasting of potentially related events. Many of the initial investigative questions analysts will ask in response to these cues can be predicted.

Better yet, the folks at Security Onion have integrated the standard into their platform and released a new guided investigation feature today. Every alert in Security Onion will now have linked investigation playbooks you can work from.

If you've taken my Investigation Theory course, then you're familiar with my Human-Centered Investigation Playbooks. I'm excited to share that I'm releasing that standard publicly today. You can read about it here: https://chrissanders.org/2025/06/human-centered-playbooks/

https://blog.securityonion.net/2025/06/security-onion-24160-now-available.html

Security Onion 2.4.160 now available including Playbooks, Guided Analysis, MCP Server, and more!