Playbook
Definition
A documented step-by-step procedure for responding to a specific type of security event. Playbooks standardise analyst behaviour, reduce response time, and ensure critical steps such as containment and evidence preservation are not skipped.
Related terms
- Decision gate
- A checkpoint within a playbook at which the responder must evaluate a condition, such as whether data exfiltration has been confirmed, and...
- Escalation Path
- The predefined chain of notification and decision-making authority that an incident follows as its severity increases. Documented in the IR plan before...
- Indicators of compromise (IoCs)
- Artefacts observed on a network or system that suggest an intrusion or malicious activity has occurred, such as unusual outbound connections, known-malicious...
- Managed Security Service Provider (MSSP)
- A third-party organisation that delivers security monitoring, tooling, and analyst coverage as a contracted service. Used in fully outsourced and co-managed SOC...
- Runbook
- A technical execution document. Sometimes used interchangeably with playbook, but more precisely refers to the low-level commands and scripts used during a...
- Security Operations Centre (SOC)
- The dedicated team and technology platform responsible for continuous monitoring, detection, analysis, and coordinated response to security events. May be in-house, co-managed,...
- SIEM (Security Information and Event Management)
- A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...
- SOAR
- Security Orchestration, Automation and Response. A platform that can execute playbook steps automatically, such as blocking an IP address or disabling a...
- Tabletop exercise
- A structured, discussion-based simulation in which team members walk through a hypothetical incident using the playbook as a guide, without touching live...
- Threat hunting
- A proactive, human-led process that searches for evidence of adversary activity in an environment under the assumption that automated controls have been...
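As an added illustration that is not part of the original glossary, the definition above together with the decision gate and SOAR entries can be made concrete as a small playbook runner. It executes steps in order, evaluates a decision gate (here "has exfiltration been confirmed?") to choose the branch that follows, refuses to skip any step marked critical, and refuses to isolate a host before volatile evidence has been captured, which is the ordering a real exfiltration playbook enforces because isolation destroys network state. The step names, the 1 GB threshold, the alert fields and the sample alert are all constructed for the example; the actions only update an in-memory state dict where a SOAR platform would call EDR, firewall or identity-provider APIs.

```python
"""Minimal playbook runner: ordered steps, decision gates, critical steps.
Added example with hypothetical names; not code from the glossary's source."""
from dataclasses import dataclass
from typing import Callable


@dataclass
class Step:
    name: str
    action: Callable[[dict, dict], None]
    critical: bool = False      # a critical step may never be skipped
    requires: tuple = ()        # step names that must have completed first


@dataclass
class DecisionGate:
    name: str
    condition: Callable[[dict, dict], bool]
    if_true: list               # steps run when the condition holds
    if_false: list              # steps run otherwise


@dataclass
class Playbook:
    name: str
    steps: list                 # Step and DecisionGate objects, in order


class PlaybookViolation(Exception):
    """Raised when a critical step is skipped or a step runs out of order."""


def run_playbook(playbook, alert, skip=frozenset()):
    """Run the playbook against one alert; returns (audit trail, final state)."""
    state = {"evidence": [], "blocked_ips": set(),
             "disabled_users": set(), "escalated": False}
    trail, done = [], set()

    def execute(items):
        for item in items:
            if isinstance(item, DecisionGate):
                outcome = item.condition(alert, state)
                trail.append(f"gate:{item.name}={outcome}")
                execute(item.if_true if outcome else item.if_false)
                continue
            if item.name in skip:
                if item.critical:
                    raise PlaybookViolation(f"critical step skipped: {item.name}")
                trail.append(f"skipped:{item.name}")
                continue
            missing = [r for r in item.requires if r not in done]
            if missing:
                raise PlaybookViolation(f"{item.name} requires {missing} first")
            item.action(alert, state)
            done.add(item.name)
            trail.append(f"done:{item.name}")

    execute(playbook.steps)
    return trail, state


# SOAR-style actions, simulated in-process. A real platform would call the
# EDR (isolate), firewall (block), and identity provider (disable) APIs here.
def preserve_evidence(alert, state):
    state["evidence"].append(f"volatile-capture:{alert['host']}")

def isolate_host(alert, state):
    state["isolated_host"] = alert["host"]

def block_ip(alert, state):
    state["blocked_ips"].add(alert["dest_ip"])

def disable_user(alert, state):
    state["disabled_users"].add(alert["user"])

def escalate(alert, state):
    state["escalated"] = True

def close_as_monitored(alert, state):
    state["disposition"] = "monitor"


EXFIL_THRESHOLD_BYTES = 1_000_000_000   # hypothetical decision-gate threshold

def exfiltration_confirmed(alert, state):
    return alert["bytes_out"] > EXFIL_THRESHOLD_BYTES


def build_exfil_playbook():
    """Hypothetical 'suspected data exfiltration' playbook."""
    return Playbook("suspected-data-exfiltration", [
        Step("preserve_evidence", preserve_evidence, critical=True),
        # Containment only after evidence is captured: isolation kills sessions.
        Step("isolate_host", isolate_host, critical=True,
             requires=("preserve_evidence",)),
        DecisionGate("exfiltration_confirmed", exfiltration_confirmed,
                     if_true=[Step("block_ip", block_ip),
                              Step("disable_user", disable_user),
                              Step("escalate", escalate, critical=True)],
                     if_false=[Step("close_as_monitored", close_as_monitored)]),
    ])


# Constructed sample alert, shaped like what a SIEM correlation rule might emit.
SAMPLE_ALERT = {"id": "ALERT-0001", "host": "ws-finance-07", "user": "j.doe",
                "dest_ip": "203.0.113.45",      # RFC 5737 documentation range
                "bytes_out": 7_500_000_000}


if __name__ == "__main__":
    for line in run_playbook(build_exfil_playbook(), SAMPLE_ALERT)[0]:
        print(line)
```

Running it on the sample alert walks both critical steps, takes the true branch of the gate and records blocking, account disablement and escalation in the trail; lowering `bytes_out` below the threshold takes the monitoring branch instead. Passing `skip={"isolate_host"}` or building a playbook that isolates before preserving evidence raises `PlaybookViolation`, which is the "critical steps are not skipped" guarantee the definition describes, enforced by the runner rather than by analyst discipline.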
Explained in these topics
- Developing and Using Incident Response Playbooks: A scenario-specific IR document that prescribes the exact steps, decision gates, tools, and responsible roles for handling one class of incident. Subordinate t...
- SOC Structure and the Tier Model