What this book covers

Chapter 1, Threat Landscape and Cybersecurity Incidents, covers the context of cyber threats today and how they evolve and can become a risk to the organization's security.

Chapter 2, Concepts of Digital Forensics and Incident Response, covers incident response and digital forensics investigation fundamentals and best practices.

Chapter 3, Basics of the Incident Response and Triage Procedures, teaches you about forensics artifact identification and triage procedures.

Chapter 4, Applying First Response Procedures, teaches you how to perform first response procedures and collect digital evidence in a practical way.

Chapter 5, Identifying and Profiling Threat Actors, teaches you how to profile specific threats and identify the adversaries that may cause risk to your organization.

Chapter 6, Understanding the Cyber Kill Chain and the MITRE ATT&CK Frameworks, covers two of the most relevant frameworks to map adversaries' behaviors, tactics, and procedures.

Chapter 7, Using Cyber Threat Intelligence in Incident Response, shows you how to use threat intelligence information to identify malicious behavior in a cybersecurity incident.

Chapter 8, Building an Incident Response Capability, covers the alignment of different aspects of responding to security breaches, such as business continuity, disaster recovery, and incident response.

Chapter 9, Creating Incident Response Plans and Playbooks, shows you how to create incident response plans and playbooks for different attack scenarios.

Chapter 10, Implementing an Incident Management System, teaches you how to implement and configure an incident response management system, create investigation cases, and search artifact information on threat intelligence sources.

Chapter 11, Integrating SOAR Capabilities into Incident Response, teaches you how to integrate multiple systems to automate the processes of monitoring, alerting, creating cases, and investigating security incidents.

Chapter 12, Working with Analytics and Detection Engineering in Incident Response, covers the fundamentals of detection engineering and how you can use it to improve your monitoring or incident response detection capacity.

Chapter 13, Creating and Deploying Detection Rules, covers the fundamentals of the Yara and Sigma tools and shows you how to create rules to detect compromise and malicious behavior indicators.

Chapter 14, Hunting and Investigating Security Incidents, is where you will apply the concepts learned in the book in a practical scenario where you will hunt for threats and investigate a security breach.