# Preface

**The author is currently busy with other studies and has no time to update for now. If you have questions, open an issue.**

{% hint style="info" %}
**The author screwed up Σ(☉▽☉"a: my GitHub MFA key was lost and I can no longer log in to GitHub, so I have moved to a new account:**

[**https://github.com/lokerxx**](https://github.com/lokerxx)
{% endhint %}

Link to this book: <https://icybersec.gitbook.io/soc/>

Personal blog: <https://www.freebuf.com/author/%E9%99%8C%E5%BA%A6?type=article>

GitHub repository: <https://github.com/yingshang/SocBook> (**star!!!!**)

This book started out as content about using a SIEM for security monitoring. Later I realized the material could be extended to the whole field of security operations, that is, building and deploying a SOC, so I broadened the scope a little to cover how an entire security operations system is built and put into practice.

Most of the book uses **open-source security projects** to build the security operations ecosystem: breaking down the isolation between individual security products, connecting information flows with security, identifying the key content in each sub-area, and forming a methodology, so that capabilities can be delivered outward and fed back into the ecosystem. Of course, we will focus on the **pain points** of implementing and deploying solutions, review the whole lifecycle process, consolidate the knowledge, reach a consensus, and make it usable by the security teams it is meant for.

**This book is for: one-person security departments, security staff moving from vendor-side (Party B) to customer-side (Party A) roles, and security operations and maintenance staff.**

**The planned total length of the book is 500-600 pages. Friends with money, send a tip\~\~ Friends with strength, give it a star\~ Your star is my motivation to keep updating the book: the more stars, the faster the updates.**

***

![](/files/-MfrbrQuzzZGVGnGGXnn)

**PS: If there is anything you don't understand, or you have suggestions, just open an issue for me.**
