ADK Runbooks

This site serves as the central hub for documentation related to the Agent Development Kit (ADK) runbooks, a collection of automated procedures, security content, and operational guides designed to streamline cybersecurity operations. Here you’ll find information on setting up the project, configuring its components, understanding the multi-agent architecture, and leveraging the extensive Rules Bank for detection and response. Whether you’re a SOC analyst, detection engineer, or incident responder, this documentation aims to provide the necessary resources to effectively utilize and contribute to the ADK Runbooks ecosystem.

Project Documentation Contents

This site contains detailed information about various components of the ADK Runbooks project. Explore the sections below to find specific documentation.

ADK Multi-Agent System Overview

Details on the multi-agent architecture, project structure, configuration system, and how to run the example.

Setup & Configuration

Instructions for setting up the project environment and configuring necessary components.

Note

The setup and configuration details below primarily pertain to the example multi-agent system provided in this repository.

Setup

Warning

Do NOT use uv to run adk with a pyproject.toml file. (It causes intractable dependency resolution issues.)

Instead, do this:

git clone --recurse-submodules https://github.com/dandye/adk_runbooks.git
cd adk_runbooks/multi-agent
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
adk run manager

Or with uv as pip replacement:

git clone --recurse-submodules https://github.com/dandye/adk_runbooks.git
cd adk_runbooks/multi-agent
python -m venv .venv
source .venv/bin/activate
uv pip sync requirements.txt
adk run manager

If you already cloned without submodules:

cd adk_runbooks
git submodule update --init --recursive

Configuration

There are two places to configure for your environment:

  1. ADK Environment Variables

    • Copy ./multi-agent/manager/.env.example to ./multi-agent/manager/.env

    • Add your GOOGLE_API_KEY to the .env file

  2. MCP Security Tools

    • The MCP Security tools are included as a git submodule in external/mcp-security/

    • Copy ./external/mcp-security/.env.example to ./external/mcp-security/.env

    • Configure your security tool API keys (Chronicle, SOAR, VirusTotal)
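A preflight check for the two .env files described above, added here as an example for this page (it is not part of the ADK Runbooks repository). It reads the required key names from each .env.example rather than hard-coding them, so it works with whatever keys the mcp-security submodule's template lists; the repository paths are the ones given in the Configuration section, and the script reports which keys are missing or empty without ever printing a key's value.

```shell
#!/bin/sh
# Verify that a .env file provides a non-empty value for every key named in
# its .env.example template. Key names are taken from the template, so no
# API key names need to be hard-coded here. Values are never printed.
# Returns 0 when every key is set, 1 otherwise.
check_env() {
    example="$1"
    actual="$2"
    status=0

    if [ ! -f "$actual" ]; then
        echo "missing: $actual (copy it from $example)"
        return 1
    fi

    # Credentials should not be readable by other local users; warn only.
    if [ -n "$(find "$actual" -perm -o+r 2>/dev/null)" ]; then
        echo "warning: $actual is world-readable (consider chmod 600)"
    fi

    # Keys are the text before '=' on non-comment lines of the template,
    # with an optional leading 'export ' removed.
    for key in $(grep -v '^[[:space:]]*#' "$example" | grep '=' \
                 | sed 's/^[[:space:]]*export[[:space:]]*//' \
                 | cut -d= -f1 | tr -d ' '); do
        # Everything after the first '=' in the real file, quotes and spaces stripped.
        value=$(grep "^[[:space:]]*$key=" "$actual" | head -n1 \
                | cut -d= -f2- | tr -d "\"' ")
        if [ -z "$value" ]; then
            echo "unset: $key in $actual"
            status=1
        fi
    done
    return $status
}

# Run both checks from the repository root (paths from the Configuration section).
check_all() {
    ok=0
    check_env multi-agent/manager/.env.example multi-agent/manager/.env || ok=1
    check_env external/mcp-security/.env.example external/mcp-security/.env || ok=1
    return $ok
}

# Invoke as: sh check_env.sh --check   (file name is an assumption for this example)
if [ "${1:-}" = "--check" ]; then
    check_all
fi
```

Run it before `adk run manager`; a non-zero exit means at least one key listed in a template is absent or empty in the corresponding .env, and the key name in the output tells you which one to fill in.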

Core Documents

These documents outline the foundational strategies, protocols, and plans for the ADK Runbooks project and the Rules Bank. They provide high-level guidance and operational frameworks.

Core Documents:

AI Documentation

This section covers documents related to the design, operation, and review of AI systems within the security context.

Atomic Runbooks

This section contains a collection of atomic runbooks, which are focused, reusable procedures for specific security tasks. These are typically categorized by the primary entity type they address (e.g., IP Address, Domain, Hash).

General Security Runbooks

This area houses a broader collection of runbooks for various security operations, including comprehensive investigation guides, triage procedures, specific incident response plans, and detection engineering workflows.

General Security Runbooks:

Templates and Use Cases

Here you’ll find templates to help standardize the creation of new runbooks and documentation detailing specific detection use cases.

Security Personas

Understanding the roles and responsibilities of different security team members is crucial for effective collaboration and tailored procedures. This section describes various security personas.

Security Personas:

Agent Workflow References

A comprehensive collection of agent workflow patterns and operational procedures.

MCP Tools Integration

Documentation for the Model Control Protocol (MCP) tools integration and reference guides for various security platforms.

Development and Planning

This section includes documents related to ongoing development, future planning, and suggestions for the ADK Runbooks project.

Development & Planning: