A curated Obsidian vault with templates, cheatsheets, and workflows for security operations, incident response, threat hunting, and more.
Welcome to RatVault - your comprehensive knowledge base and toolkit for security analysis!
This vault was created by Mick Donahue as a resource for security professionals to quickly access templates, cheatsheets, reference guides, and workflows. Feel free to use, customize, and extend this vault for your own security operations.
RatVault is an Obsidian vault configured specifically for security analysts, SOC teams, incident responders, and threat hunters. It provides a structured approach to security documentation, analysis, and knowledge management using the power of Obsidian's linking and knowledge graph.
- Security analyst templates - IR reports, malware analysis, threat hunting plans, and more
- Cheatsheets - KQL, PowerShell, Bash, Windows internals, and other reference materials
- Incident response & SOC workflows - Standardized processes for handling security events
- Dashboards - Canvas and Excalidraw visualizations for security operations
- Tool integration guides - How to use and integrate security tools
- Notes with backlinks and dataviews - Connect your security knowledge
- Install Obsidian: Download from obsidian.md
- Open this vault: Use "Open folder as vault" in Obsidian and select this folder
- Install community plugins: Go to Settings → Community Plugins → Browse and install the recommended plugins
- Apply settings: Copy the `settings.json` from the Custom_Plugins folder to your `.obsidian` folder if you want to use the recommended settings
| Folder | Contents |
|---|---|
| Templates/ | Incident report, malware triage, threat hunting plans, daily logs |
| Cheatsheets/ | Query languages, scripting, systems reference |
| Tool_Guides/ | Guides for security tools and platforms |
| Threat_Intel/ | IOC templates, YARA rules, threat actor tracking |
| Daily_Logs/ | SOC daily log templates and entries |
| Custom_Plugins/ | Settings files and plugin configurations |
| Canvas_Dashboards/ | Visual dashboards for security operations |
- Dataview: For querying and displaying information from your notes
- Excalidraw: For creating diagrams and visual representations
- Templater: For enhanced template capabilities
- Kanban: For visual task management
- Calendar: For date-based navigation
- Advanced Tables: For better table management
- Tasks: For task tracking across notes
- Cybertron: A dark theme with a retro-futuristic style perfect for security work
- Obsidian Nord: A clean, dark blue theme that reduces eye strain during long shifts
- Terminal: A terminal-inspired theme that brings a hacker aesthetic
- Daily Logs: Start each shift by creating a new daily log from the template
- Incident Documentation: Use the IR template when responding to security incidents
- Knowledge Building: Link related notes using `[[double brackets]]` to build your knowledge graph
- Dataview Queries: Use dataview to create dashboards showing open incidents, tasks, or other data
- Templates: Use the templates as starting points and customize them to your needs
Feel free to enhance this vault with your own templates, cheatsheets, and workflows. Some suggested contributions:
- Additional tool guides
- New templates for specific security scenarios
- Custom CSS snippets for security dashboards
- Scripts to automate security tasks
If you create something useful, consider sharing it with the community! You can submit a pull request to the GitHub repository or reach out directly.
RatVault was created by Mick Donahue, a security professional passionate about knowledge management and security operations. This vault is designed to help others streamline their security workflows.
> [!tip] Security Notes Best Practices
> - Maintain Operational Security: Be mindful of sensitive data
> - Regular Backups: Back up your vault regularly
> - Consistent Structure: Follow the established structure for new notes
> - Link Generously: Create connections between related notes
> - Use YAML Frontmatter: Add metadata to enable powerful filtering