SOC Analyst Runbook

$57.00

A practical SOC analyst reference guide covering incident response procedures, log analysis workflows, alert triage, escalation checklists, and SIEM query templates. Built for real-world blue team operations. Instant PDF download.

Your Go-To Incident Response Reference for SOC Analysts

The FUNBIRD LLC SOC Analyst Runbook is a practical, no-fluff reference guide built for Security Operations Center analysts who need fast, reliable procedures during active incidents. Stop guessing during high-pressure situations — follow proven playbooks built around real SOC workflows.


🎯 What’s Inside the Runbook

  • Incident Response Phase Playbooks — step-by-step procedures for Preparation, Detection, Containment, Eradication, Recovery, and Lessons Learned
  • Triage & Escalation Decision Trees — know exactly when to escalate and who to notify
  • Log Analysis Quick Reference — Windows Event IDs, Linux log commands, Syslog patterns
  • MITRE ATT&CK Mapping Sheet — map alerts to tactics and techniques instantly
  • SOC KPI & Metrics Tracker — MTTD, MTTR, false positive rate and more
  • Tool Command Cheat Sheet — Wireshark, Nmap, Splunk, Snort, NetworkMiner
  • Instant PDF Download — access immediately after purchase

📊 Incident Types Covered

  • 🔴 Malware & Ransomware — detection, isolation, and recovery steps
  • 🟠 Phishing & Social Engineering — triage and user notification procedures
  • 🔵 Network Intrusion — traffic analysis and containment playbook
  • 🟣 Insider Threat — detection indicators and escalation path
  • 🟢 Data Exfiltration — identification and response procedures

👤 Who This Is For

  • Tier 1 and Tier 2 SOC Analysts handling daily alert triage
  • CySA+ candidates needing real-world IR phase practice
  • Blue team professionals building or refining SOC procedures
  • IT professionals transitioning into a SOC analyst role
  • Students in cybersecurity degree or bootcamp programs

⚡ Why Buy From FUNBIRD LLC

  • Built by an active SOC-focused cybersecurity practitioner
  • Aligned with CompTIA CySA+ CS0-003 incident response objectives
  • Complements the FUNBIRD LLC Wireshark, Snort, and NetworkMiner lab videos
  • Designed for quick reference during real incidents — not just exam prep

📥 Instant Digital Delivery

After completing your purchase you will receive an immediate download link to your PDF runbook. No shipping. No waiting. Open it on any device.

🔒 Satisfaction Guarantee

If you are not satisfied with your purchase, contact us at completeness2025@protonmail.com and we will make it right.
