https://github.com/atensecurity/thoth-runbooks

SIEM, PAM, and SOAR runbooks for Thoth headless operations

pam runbooks security siem soar thoth


# thoth-runbooks

Operational runbooks for running Thoth in headless deployments and integrations.

## Public Safety Rules

- Never include live customer names, tenant IDs, domains, or emails.
- Never include real secrets, tokens, API keys, callback secrets, or JWTs.
- Use placeholders for all environment-specific values.
- Keep internal break-glass or privileged operator procedures out of this repo.
- Keep detailed production cutover and incident-response procedures in internal docs only.

## Contents

- `siem/` — ingestion, routing, and alert enrichment runbooks
  - `siem/microsoft-sentinel.md`
  - `siem/splunk.md`
- `pam/` — step-up and approval-control runbooks
  - `pam/approval-gates.md`
- `soar/` — incident orchestration runbooks
  - `soar/incident-orchestration.md`
- `onboarding/` — getting started and deployment-pattern runbooks
  - `onboarding/customer-environment-initialization.md`
  - `onboarding/thothctl-quickstart.md`
  - `onboarding/headless-prepoc-testing.md`
  - `onboarding/choose-deployment-pattern.md`
  - `onboarding/terraform-quickstart.md`
  - `onboarding/pulumi-quickstart.md`
  - `onboarding/kubernetes-operator.md`
  - `onboarding/kubernetes-operator-production.md`
- `operations/` — day-2 governance lifecycle runbooks
  - `operations/policy-lifecycle-management.md`
- `policy-templates/` — public-safe starter policy bundles for early pilots
  - `policy-templates/fintech-two-agent-pilot/`
  - `policy-templates/healthcare-two-agent-pilot/`
  - `policy-templates/sidecar-starter-packs/`

## Audience

- Security engineering
- SecOps / SOC teams
- Platform teams operating Thoth via GitOps and APIs