SOaC Enterprise v2.0 Documentation Center
Everything you need — from executive summaries to YAML schemas. Choose your starting point.
Board-Ready Materials
Strategic documents for CISOs, executives, and board members evaluating SOaC adoption.
SOaC Enterprise White Paper
Executive overview of the Distributed Intelligence Architecture — board-ready presentation of vision, ROI, and adoption roadmap. Covers all four roles (Red Team, Blue Team, SOC Manager, CISO) and the Play → Verify → Integrate lifecycle.
Updated for v2.0-PLATINUM · March 2026
CISO Transformation Guide
From reactive risk to programmable resilience — strategic framework for CISOs evaluating SOaC adoption across all four operational roles, with risk mapping, evidence-based validation, and phased deployment aligned to the Play → Verify → Integrate workflow.
Updated for v2.0-PLATINUM · March 2026
Executive Architecture Brief
Two-page strategic snapshot of the Distributed Intelligence Architecture — the four pillars, role-to-pillar mapping, deployment topology, and business impact summary for board-level review.
Updated for v2.0-PLATINUM · March 2026
What's New in v2.0-PLATINUM
Comprehensive summary of everything new in v2.0-PLATINUM — Four-Role Model, Play → Verify → Integrate lifecycle, Evidence Engine, Team Game Operations, and all verified MTIP packages.
Updated for v2.0-PLATINUM · March 2026
Compliance Matrix
Maps SOaC controls to NIST, MITRE ATT&CK, ISO 27001, and SOC2 requirements — auditable and version-controlled.
Updated for v2.0-PLATINUM · March 2026
System Design & Schemas
Blueprints, specifications, and interactive guides for understanding how SOaC is built.
Architecture Reference v2.0
Technical blueprint covering all four pillars — Body, Brain, Purpose, Edge — with data-flow diagrams, role-to-pillar mapping for Red Team, Blue Team, SOC Manager, and CISO, plus the Play → Verify → Integrate deployment topology.
Updated for v2.0-PLATINUM · March 2026
Validation & Evidence Model v2.0
The three-level validation framework — Schema (L1), Cross-Reference (L2), and Replay & Evidence (L3). Explore how Evidence Bundles are generated for each of the 11 MTIP packages with PASS/PARTIAL/FAIL verdicts.
Updated for v2.0-PLATINUM · March 2026
How It Works — Technical Overview v2.0
End-to-end walkthrough of the SOaC data path — from telemetry ingestion through AI reasoning to automated response, with deployment models and integration patterns.
Updated for v2.0-PLATINUM · March 2026
CLAW Playbook Schema v1.0
Formal specification of the CLAW YAML schema — the contract between human operators and automated response orchestration.
Updated for v2.0-PLATINUM · March 2026
Operational Guides & Tools
Runbooks, validation tools, CI pipelines, and core templates for operators and engineers.
SOC / IR Deployment Runbook v2.0
Operational playbook for SOC analysts and incident responders — lab setup, scenario execution, CLAW deployment, triage procedures, and role-based workflows.
Updated for v2.0-PLATINUM · March 2026
Team Game Operations Guide v2.0
Run multi-role team simulations in the Lab — Red Team attacks, Blue Team defends, SOC Manager triages, CISO reviews governance. Includes role selection, step-by-step walkthroughs, and After Action Review (AAR).
Updated for v2.0-PLATINUM · March 2026
Platform Operating Model v2.0
Governance, ownership, change management, and steady-state operations for SOaC Enterprise — RACI matrices, sprint cadences, KPIs, and escalation paths across all four roles.
Updated for v2.0-PLATINUM · March 2026
SOaC Harness — CLI Validation Engine
Offline, CI-ready CLI that validates Playbooks, Detections, Policies, and Package Metadata at Level 1 (Schema), Level 2 (Cross-Reference), and Level 3 (Replay & Evidence).
Updated for v2.0-PLATINUM · March 2026
GitHub Actions CI Pipeline
Ready-made soac-ci.yml workflow that runs Level 1 + Level 2 harness validation on every push and PR to main.
Updated for v2.0-PLATINUM · March 2026
Core Templates
Canonical YAML schemas for detection rules, CLAW playbooks, policies, and package metadata — the building blocks of every SOaC package.
Updated for v2.0-PLATINUM · March 2026
Repository Explorer
Open on GitHub
Per-Package Docs & v3 Manifest
Auto-generated from the package registry — each card shows v3 manifest fields including platform targets, simulation steps, detection coverage, and documentation links.
How the Platform Works
Simulation operations, team game flow, roles, scoring, replay, and community features.
Simulation Operations
How the Lab works end-to-end — session lifecycle, solo vs. team modes, difficulty tiers, and step execution flow.
Team Game / Multiplayer
Lobby creation, invite codes, SSE real-time sync, role selection, CISO observer mode, and in-game chat.
Roles & Responsibilities
Four-role model — Red Team, Blue Team, SOC Manager, CISO — with pillar mapping, duties, and operational scope.
Scoring & Leaderboard
Score calculation, detection rate metrics, badge system (9 badges across 5 rarity tiers), and global leaderboard rankings.
Replay & After-Action Review
Session replay with timeline, role filtering, playback controls, public sharing with OG previews, and structured AAR debrief.
Community & Referrals
Activity feed with claps and comments, referral program with session credit rewards, and profile analytics.
Need hands-on experience? Try a team simulation or explore validated packages.