v0.2.1
Pre-release
Pre-release
Release v0.2.1 – 2026-07-08
Security Playbooks — Operational Expansion Release
This Pre-release expands the Security Playbooks project from a foundational security repository into a broader defensive security project covering detection engineering, threat hunting, security operations, threat intelligence, and validation workflows.
Included in This Release
Detection Engineering
- Expanded detection engineering documentation
- Rule lifecycle documentation
- Sigma development guidance
- Detection validation workflow documentation
- Detection rule examples for Sigma, YARA, and Suricata
- Detection metadata schema and rule management structure
Threat Hunting
- MITRE ATT&CK–aligned hunting methodology
- Hypothesis-driven hunting documentation
- Hunting process documentation
- Hunting queries for:
- KQL
- SPL
- Elastic
Threat Intelligence
- Threat actor documentation structure
- Malware intelligence resources
- Campaign tracking structure
- IOC analysis resources
- MITRE actor mapping support
- TLP classification documentation
Security Operations
- SOC workflow documentation
- Alert triage procedures
- Incident handling guidance
- Incident response lifecycle documentation
Validation Framework
- Expanded validation structure
- Detection test cases
- Validation reports
- Scenario-based testing resources
Repository Improvements
- Detection rule metadata support
- Detection examples
- Expanded integrations documentation
- Improved documentation organization
- Expanded wiki content
What's Changed
- Bump orjson from 3.10.7 to 3.11.6 in the pip group across 1 directory by @dependabot[bot] in #14
- Bump black from 24.4.2 to 26.3.1 in the pip group across 1 directory by @dependabot[bot] in #15
- Bump requests from 2.32.4 to 2.33.0 in the pip group across 1 directory by @dependabot[bot] in #16
- Bump pytest from 8.2.0 to 9.0.3 in the pip group across 1 directory by @dependabot[bot] in #18
- Bump lxml from 5.2.1 to 6.1.0 in the pip group across 1 directory by @dependabot[bot] in #19
- Add missing metadata fields to suspicious_login Sigma rule by @manish01-hash in #20
- Potential fix for code scanning alert no. 2: Workflow does not contain permissions by @secwexen in #21
- Potential fix for code scanning alert no. 3: Workflow does not contain permissions by @secwexen in #22
New Contributors
- @manish01-hash made their first contribution in #20
Full Changelog: v0.1.0...v0.2.1