Purple Book 1.0

Version 1.0 by Toni Peltola, Tero Räsänen, Kristian Kantola, Eero Järvinen (2022)

Purple Book

2022 was the first year in which the new WIMMA Lab SOC was implemented. This guide documents the groundwork that Mysticons did when the project started. Within it you'll find all the technologies needed for the SOC to run and how to install them in your environments. You will also find information about SOC playbooks, SOC structures and roles, and a general idea of how a security operations center should be operated.

Contents

  1. Introduction
  2. Automating CSC and Kubernetes
  3. SIEM
  4. How the SOC is managed and monitored
  5. SOC Playbook
  6. What to Focus on in the future
  7. Useful resources