Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Purple Team Strategies

You're reading from Purple Team Strategies Enhancing global security posture through uniting red and blue teams with adversary emulation

Product type Paperback

Published in Jun 2022

Publisher Packt

ISBN-13 9781801074292

Length 450 pages

Edition 1st Edition

Tools

Kali Linux

Concepts

Penetration Testing

Authors (4):

David Routin

Samuel Rossier

Simon Thoores

Michael Molho

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1: Concept, Model, and Methodology

2. Chapter 1: Contextualizing Threats and Today's Challenges FREE CHAPTER

3. Chapter 2: Purple Teaming – a Generic Approach and a New Model

4. Chapter 3: Carrying out Adversary Emulation with CTI

5. Chapter 4: Threat Management – Detecting, Hunting, and Preventing

6. Part 2: Building a Purple Infrastructure

7. Chapter 5: Red Team Infrastructure

8. Chapter 6: Blue Team – Collect

9. Chapter 7: Blue Team – Detect

10. Chapter 8: Blue Team – Correlate

11. Chapter 9: Purple Team Infrastructure

12. Part 3: The Most Common Tactics, Techniques, and Procedures (TTPs) and Defenses

13. Chapter 10: Purple Teaming the ATT&CK Tactics

14. Part 4: Assessing and Improving

15. Chapter 11: Purple Teaming with BAS and Adversary Emulation

16. Chapter 12: PTX – Purple Teaming eXtended

17. Chapter 13: PTX – Automation and DevOps Approach

18. Chapter 14: Exercise Wrap-Up and KPIs

19. Other Books You May Enjoy

Chapter 7: Blue Team – Detect

In the previous chapter, we explained how to implement an efficient log collection architecture for various types of data sources. These techniques allow us to go forward to the next phase: Detect.

We often see organizations integrating all the logs and data sources of their company; this is, unfortunately, often a recommendation provided by Security Information and Event Management (SIEM) vendors and/or Managed Security Service Providers (MSSPs) (especially for volume and licensing costs). In fact, quality should go over quantity. In this chapter, we will present the different data sources that, from our point of view, are mandatory to be implemented for any blue team. We will go one step further by explaining what exactly should be collected and for what reasons, and also discuss the implementation of network detection and deceptive technologies to circumvent attackers' paths and detect them efficiently. In addition, we will present a...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (4)

Molho

Molho

See other products by Molho

Routin

Routin

David Routin started, in his teens, to learn cybersecurity in the 90s, the passion is continued through various contributions or projects such as MITRE ATT&CK framework, SIGMA, vulnerability disclosures (Microsoft), public events speaking and multiple publications from French MISC magazine to this book. As a professional, he owned various positions from security engineer to CISO. For the last ten years as Security Operations Center Manager roles, he built and operated multiple SOC for MSSP or private companies. His areas of expertise are SOC, Blue & Purple teaming, incident response, forensic (SANS GCIH/GCFA), detection engineering, management and compliance (ISO27001 or PCI).

See other products by Routin

Rossier

Rossier

Samuel Rossier is currently SOC lead within a government entity where he focuses on detection engineering, incident response, automation, and cyber threat intelligence. He is also a teaching assistant at the SANS Institute. He was previously responsible for a private bank group CIRT, and also worked as an SOC manager within an MSSP. He also spent several years within a consulting cybersecurity practice. Samuel currently holds a master's degree in information systems and several information security certifications, including GRID, GMON, eCIR, eCTHP, eCRE, eNDP, and eJPT. He is also a contributor to the MITRE D3FEND and SIGMA frameworks and likes to speak at conferences and analyze malware. He values a strong emphasis on the people dimension of cybersecurity by sharing knowledge.

See other products by Rossier

Thoores

Thoores

Simon Thoores is a cybersecurity analyst specialized in Forensic and Incident Response. He started his career as a Security Analyst after obtaining an Engineering diploma in Information System architecture focus on security. He built his forensics and reverse engineering skills during large-scale incident responses from malware and ransomware attacks to more advanced attacks for a wide variety of environments, he finally certified these skills with GCFA. Then he moved to the Cyber Threat Intelligence field to better understand attacker methodologies to align and strengthen response and support for his clients. Lately he decided to put his skills and knowledges to emulate threat actors to help customer improve their security.

See other products by Thoores

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m