You're reading from Practical Threat Intelligence and Data-Driven Threat Hunting A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

Product type Paperback

Published in Feb 2021

Publisher Packt

ISBN-13 9781838556372

Length 398 pages

Edition 1st Edition

Tools

Elasticsearch

Concepts

Application Security

Author (1):

Valentina Costa-Gazcón

View More author details

Table of Contents (21) Chapters

Preface

1. Section 1: Cyber Threat Intelligence

2. Chapter 1: What Is Cyber Threat Intelligence? FREE CHAPTER

3. Chapter 2: What Is Threat Hunting?

4. Chapter 3: Where Does the Data Come From?

5. Section 2: Understanding the Adversary

6. Chapter 4: Mapping the Adversary

7. Chapter 5: Working with Data

8. Chapter 6: Emulating the Adversary

9. Section 3: Working with a Research Environment

10. Chapter 7: Creating a Research Environment

11. Chapter 8: How to Query the Data

12. Chapter 9: Hunting for the Adversary

13. Chapter 10: Importance of Documenting and Automating the Process

14. Section 4: Communicating to Succeed

15. Chapter 11: Assessing Data Quality

16. Chapter 12: Understanding the Output

17. Chapter 13: Defining Good Metrics to Track Success

18. Chapter 14: Engaging the Response Team and Communicating the Result to Executives

19. Other Books You May Enjoy

Leave a review - let other readers know what you think

Appendix – The State of the Hunt

Setting up a research environment

Before we can carry out a hunt in our production environment, we need to prepare a laboratory environment in which we are going to emulate the threats we want to hunt for. There isn't a unique or right way to build a research environment. The requirements will change, depending on where and what you are planning to deploy. You may want to create a lab so that you can do research by yourself, or you may want to deploy a lab that will mimic your organization's infrastructure, allowing you to emulate the adversary in order to carry out hunts in a production environment later on. You could also create a research environment that focuses more on network traffic analysis than on host-related artifacts.

In this chapter, we are going to build a research environment pretty similar to the one I host myself that's described by Roberto Rodriguez in his personal blog: Setting up a Pentesting… I mean, a Threat Hunting Lab (https://cyberwardog...