Skip to content

v0.2.1

Pre-release
Pre-release

Choose a tag to compare

@secwexen secwexen released this 08 Jul 13:14
Immutable release. Only release title and notes can be modified.
1e31c47

Release v0.2.1 – 2026-07-08

Security Playbooks — Operational Expansion Release

This Pre-release expands the Security Playbooks project from a foundational security repository into a broader defensive security project covering detection engineering, threat hunting, security operations, threat intelligence, and validation workflows.

Included in This Release

Detection Engineering

  • Expanded detection engineering documentation
  • Rule lifecycle documentation
  • Sigma development guidance
  • Detection validation workflow documentation
  • Detection rule examples for Sigma, YARA, and Suricata
  • Detection metadata schema and rule management structure

Threat Hunting

  • MITRE ATT&CK–aligned hunting methodology
  • Hypothesis-driven hunting documentation
  • Hunting process documentation
  • Hunting queries for:
    • KQL
    • SPL
    • Elastic

Threat Intelligence

  • Threat actor documentation structure
  • Malware intelligence resources
  • Campaign tracking structure
  • IOC analysis resources
  • MITRE actor mapping support
  • TLP classification documentation

Security Operations

  • SOC workflow documentation
  • Alert triage procedures
  • Incident handling guidance
  • Incident response lifecycle documentation

Validation Framework

  • Expanded validation structure
  • Detection test cases
  • Validation reports
  • Scenario-based testing resources

Repository Improvements

  • Detection rule metadata support
  • Detection examples
  • Expanded integrations documentation
  • Improved documentation organization
  • Expanded wiki content

What's Changed

  • Bump orjson from 3.10.7 to 3.11.6 in the pip group across 1 directory by @dependabot[bot] in #14
  • Bump black from 24.4.2 to 26.3.1 in the pip group across 1 directory by @dependabot[bot] in #15
  • Bump requests from 2.32.4 to 2.33.0 in the pip group across 1 directory by @dependabot[bot] in #16
  • Bump pytest from 8.2.0 to 9.0.3 in the pip group across 1 directory by @dependabot[bot] in #18
  • Bump lxml from 5.2.1 to 6.1.0 in the pip group across 1 directory by @dependabot[bot] in #19
  • Add missing metadata fields to suspicious_login Sigma rule by @manish01-hash in #20
  • Potential fix for code scanning alert no. 2: Workflow does not contain permissions by @secwexen in #21
  • Potential fix for code scanning alert no. 3: Workflow does not contain permissions by @secwexen in #22

New Contributors

Full Changelog: v0.1.0...v0.2.1