SCHEMA v3.0 · 0 PACKAGES · OPEN-SOURCE

SecOps-as-Code.
Plug-and-Play Defense.

0 replay-verified packages covering 0+ MITRE ATT&CK techniques across 0 detection stacks. GitHub-native. Operations-ready.

Play → Verify → Integrate. Free & open.

The Body

Detection Library

Version-controlled rules for Splunk, Sentinel & CrowdStrike

The Brain

AI Governance

Claude Security AI with Policy-as-Code enforcement

The Purpose

CLAW Engine

Continuous, Logic-Adaptive Workflows for automated response

The Edge

Edge Enforcement

HMAC-signed distributed enforcement at the edge

Play → Verify → Integrate

Three steps from threat simulation to production defense. No rewrites, no vendor lock-in.

01

Play

Realistic scenarios · Team-based exercises · Role-driven simulation

Launch Red/Blue/SOC team exercises against real-world threat scenarios. Every scenario is built from MITRE ATT&CK techniques observed in the wild.

02

Validate

Replay validation · Evidence-backed detections · L1/L2/L3

Every detection, playbook, and policy is replay-verified against evidence bundles. Three-level validation ensures nothing ships without proof.

03

Integrate

GitHub-native artifacts · Copy path · Deploy into SOC stack

Copy the GitHub path, drop the YAML into Sentinel, CrowdStrike, or Splunk. SOaC packages are designed for zero-config, plug-and-play integration.


Choose Your Role

SOaC is built for every role in the security operations lifecycle. Pick your lane.

RED TEAM

Launch Simulation

Execute adversary playbooks mapped to MITRE ATT&CK. Test your organization’s detections before attackers do. Every scenario is drawn from live threat-intel.

BLUE TEAM

Verify Detections

Validate that detection rules fire on every technique. The Replay Engine re-executes your rules against evidence bundles so nothing slips through to production.

SOC MANAGER

Run Team Exercise

Coordinate Red/Blue team exercises across all verified scenarios. Review After-Action Reports, track MITRE coverage, and prove readiness to stakeholders.

CISO

View Executive Guide

Evaluate SOaC adoption readiness, review architecture briefs, governance frameworks, and executive reporting. From reactive risk to programmable resilience.


Start with the Right Asset

Not ready to dive into packages or the lab? Start here — strategic and architectural entry points for decision-makers and first-time visitors.

White Paper

Executive overview of the SOaC Distributed Intelligence Architecture — for board-level presentation and strategic evaluation.


CISO Adoption Guide

From reactive risk to programmable resilience — a strategic framework for evaluating and executing SOaC adoption in your organization.


Architecture Brief

Technical blueprint covering Body, Brain, Purpose, and Edge pillars — data-flow diagrams, integration points, security model, and deployment topology.


Team Game Overview

How Red/Blue/SOC Manager exercises work across all verified scenarios — roles, workflow, After-Action Reports, and executive outputs.

0 Verified Packages
0 Team Game Scenarios
Replay Verified
v3.0 Schema Version
PASS Harness v3.0

Supported Stacks

Integrates with your existing tooling

Sentinel
CrowdStrike
Splunk
AWS
Chronicle
Cortex XSIAM
Okta
Entra ID

Detection to Enforcement in Seconds

From the moment a threat is detected to the instant it is contained — fully automated, fully audited.

The Body

Detects AitM phishing via Splunk correlation rule

The Brain

Claude AI evaluates threat confidence at 97%

The Purpose

CLAW engine executes revoke-sessions playbook

The Edge

Edge nodes enforce session block globally

v3.0 · SCHEMA v3.0

The Journey: Platinum Release

From solo detection rules to a full collaborative SecOps platform. Schema v3.0 marks the arrival of Harness validation, platform targets, and plug-and-play integration.

Team Game Engine

Red Team, Blue Team, and SOC Manager roles collaborate in real-time threat exercises across all 0 scenarios.

Harness v3.0 Validation

Schema v3.0 validation: mitre_version, platform_targets, simulation_steps, detection format checks — all automated.

GitHub-Native Workflow

Every package maps to a GitHub path. Copy, clone, and integrate into your CI/CD pipeline in seconds.

Plug-and-Play Packages

0 replay-verified packages covering ransomware, supply chain, IAM, insider threat, and more — ready for drop-in deployment.

OPEN SOURCE

Open by design. Deployable by anyone.

Every detection, playbook, policy, and lab scenario is versioned, peer-reviewed, and free. GitHub is the source of truth. The portal is the front door.

Detections-as-Code

Splunk · Sentinel · CrowdStrike

Playbooks-as-Code

CLAW YAML format

Policies-as-Code

AI governance rules

Labs-as-Code

Reproducible simulations
