Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities

Product type: Paperback
Published in: Jul 2023
Publisher: Packt
ISBN-13: 9781801076715
Length: 328 pages
Edition: 1st Edition
Authors (3): Megan Roddie, Jason Deyalsingh, Gary J. Katz
Table of Contents (20 chapters)

Preface
1. Part 1: Introduction to Detection Engineering
2. Chapter 1: Fundamentals of Detection Engineering
3. Chapter 2: The Detection Engineering Life Cycle
4. Chapter 3: Building a Detection Engineering Test Lab
5. Part 2: Detection Creation
6. Chapter 4: Detection Data Sources
7. Chapter 5: Investigating Detection Requirements
8. Chapter 6: Developing Detections Using Indicators of Compromise
9. Chapter 7: Developing Detections Using Behavioral Indicators
10. Chapter 8: Documentation and Detection Pipelines
11. Part 3: Detection Validation
12. Chapter 9: Detection Validation
13. Chapter 10: Leveraging Threat Intelligence
14. Part 4: Metrics and Management
15. Chapter 11: Performance Management
16. Part 5: Detection Engineering as a Career
17. Chapter 12: Career Guidance for Detection Engineers
18. Index
19. Other Books You May Enjoy

A guide to using this book

The previous sections in this chapter provided the foundational knowledge you will need to fully grasp the contents of this book. In this final section, we’ll provide a brief overview of the rest of this book and the topics covered in each chapter.

The book's structure

This book aims to provide you with a thorough walk-through of building a detection engineering program. Along with in-depth knowledge of various aspects of the detection engineering life cycle, this book provides hands-on labs to allow you to learn the tools and skills discussed throughout this book practically. This book is broken into four parts, each providing insight into a different aspect of detection engineering.

Part 1 establishes the foundational knowledge required for the rest of this book. The previous sections of this chapter provided key concepts and terminology that will be referenced throughout this book. We also covered the justification for establishing a detection engineering program and the benefits it brings to an organization. In Chapter 2, we will dive into each phase of the detection engineering life cycle and provide a high-level overview of the actions that occur at each phase. Finally, Chapter 3 will guide you through building a detection engineering lab. This lab will be used throughout the rest of this book for hands-on exercises.

Part 2 focuses on the creation side of the detection engineering life cycle. It starts with Chapter 4, which focuses on identifying and evaluating the data sources available to detection engineers. This chapter includes a lab that will show you how to add detection sources to the lab you will have built in Chapter 3. Chapter 5 will help you understand your detection requirements and establish the procedure and method for storing detection code. Part 2 ends with Chapter 6, where you will be provided with a hands-on walk-through of turning the detection requirements you established previously into detection code that can be tested within the lab.

Part 3 moves on to the concept of testing and validating detections. First, Chapter 7 provides practical guidance on validating detections by using existing data and generating simulated data. Additionally, it provides an introduction to proving TTP coverage via the results of the validation. Chapter 8 introduces the idea of leveraging threat intelligence in your detection engineering program, as a detection source, detection requirement, and method of understanding coverage. Chapter 9 closes off Part 3 with a discussion on performance management. This includes methods of measuring the effectiveness of your detections, as well as your detection engineering program as a whole. Furthermore, you will learn how to implement continuous improvement into your detection engineering program.

Part 4 ends this book with Chapter 10. This chapter is for those who want to learn more about detection engineering as a career. It will dive into the skill sets that will be required for a career in detection engineering and the day-to-day role of a detection engineer. Here, you will see where the future of detection engineering is going and how you can get involved in the detection engineering community.

Practical exercises

One of the authors’ goals with this book is to provide not just text-based knowledge but also practical hands-on exercises that will allow you to experience the detection engineering process. These labs begin in Chapter 3, where we’ll build out a test environment that will contain all the infrastructure and tooling required for the rest of the labs in this book.

With this test environment in place, most chapters will include exercises that will allow you to write and evaluate detections. These labs will include both those that relate to specific detection technologies and those that look at the environment’s coverage as a whole.

All code related to these labs is hosted publicly on GitHub at https://github.com/PacktPublishing/Practical-Threat-Detection-Engineering.

The hope is that the practical knowledge provided by this book will enable detection engineers to take actionable lessons learned and implement such strategies and techniques in their environments.
