Automating Security Detection Engineering

You're reading from Automating Security Detection Engineering: A hands-on guide to implementing Detection as Code

Product type: Paperback
Published in: Jun 2024
Publisher: Packt
ISBN-13: 9781837636419
Length: 252 pages
Edition: 1st Edition
Author (1): Dennis Chow

Table of Contents (16 chapters)

Preface
Part 1: Automating Detection Inputs and Deployments (free chapter)
Chapter 1: Detection as Code Architecture and Lifecycle
Chapter 2: Scoping and Automating Threat-Informed Defense Inputs
Chapter 3: Developing Core CI/CD Pipeline Functions
Chapter 4: Leveraging AI for Use Case Development
Part 2: Automating Validations within CI/CD Pipelines
Chapter 5: Implementing Logical Unit Tests
Chapter 6: Creating Integration Tests
Chapter 7: Leveraging AI for Testing
Part 3: Monitoring Program Effectiveness
Chapter 8: Monitoring Detection Health
Chapter 9: Measuring Program Efficiency
Chapter 10: Operating Patterns by Maturity
Index
Other Books You May Enjoy

What this book covers

Chapter 1, Detection as Code Architecture and Lifecycle, provides a review of the detection life cycle concepts and planning for what practical aspects of the detection engineering program can be automated. The concept and requirements of DAC in practice are also covered.

Chapter 2, Scoping and Automating Threat-Informed Defense Inputs, provides the concepts necessary to narrow down and prioritize threat indicators as a means of focusing a detection engineering team’s resources. The chapter uses technical labs to parse and ingest common indicators of compromise (IOCs) for common security tools.

Chapter 3, Developing Core CI/CD Pipeline Functions, provides a brief introduction to DevOps workflow patterns using the common “Git”-style tools. The chapter includes multiple labs to deploy use cases in an automated and controlled manner, using pipelines and repositories.

Chapter 4, Leveraging AI for Use Case Development, provides examples and ideas on how to leverage large language models (LLMs) to augment use case development, including tuning and prompt engineering practices. The chapter provides hands-on labs that include utilizing AI for multiple use case development areas.

Chapter 5, Implementing Logical Unit Tests, provides an overview of code linting and use case validation within a CI/CD pipeline. The chapter includes multiple hands-on validation labs covering use case metadata, taxonomy, and logic testing with data.

Chapter 6, Creating Integration Tests, provides an extended understanding of validation testing using a “live fire” infrastructure that is set up in technical labs. The chapter also covers the concepts of CI/CD pipeline branching strategies and custom payload-based tests.

Chapter 7, Leveraging AI for Testing, complements the concepts of validation testing, using LLMs in the CI/CD pipeline to conduct synthesized testing when typical unit or integration testing is not practical. The chapter further covers ways to evaluate ROI and whether AI-based validation is suitable for an organization’s needs.

Chapter 8, Monitoring Detection Health, provides concepts and examples of what metrics are required to stay aware of detection performance and impact on SIEMs. The chapter also includes hands-on labs to explore useful metrics in dashboards and an example of auto-tuning with SOAR.

Chapter 9, Measuring Program Efficiency, provides examples of useful tactical and strategic program-level KPIs and how to locate data to populate the metrics. The chapter covers multiple examples from SIEMs and workflow management solutions to represent metrics in a meaningful way.

Chapter 10, Operating Patterns by Maturity, provides maturity pattern concepts that can be used as a baseline to “phase in,” depending on an organization’s readiness. The chapter covers foundational, intermediate, and advanced phases, including technical requirements, approaches, and cost estimations.
