You're reading from Incident Response with Threat Intelligence Practical insights into developing an incident response capability through intelligence-based threat hunting

Product type Paperback

Published in Jun 2022

Publisher Packt

ISBN-13 9781801072953

Length 468 pages

Edition 1st Edition

Languages

C++

Tools

Kali Linux

Concepts

Information Management

Author (1):

Roberto Martinez

View More author details

Table of Contents (20) Chapters

Preface

1. Section 1: The Fundamentals of Incident Response

2. Chapter 1: Threat Landscape and Cybersecurity Incidents FREE CHAPTER

3. Chapter 2: Concepts of Digital Forensics and Incident Response

4. Chapter 3: Basics of the Incident Response and Triage Procedures

5. Chapter 4: Applying First Response Procedures

6. Section 2: Getting to Know the Adversaries

7. Chapter 5: Identifying and Profiling Threat Actors

8. Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT&CK Framework

9. Chapter 7: Using Cyber Threat Intelligence in Incident Response

10. Section 3: Designing and Implementing Incident Response in Organizations

11. Chapter 8: Building an Incident Response Capability

12. Chapter 9: Creating Incident Response Plans and Playbooks

13. Chapter 10: Implementing an Incident Management System

14. Chapter 11: Integrating SOAR Capabilities into Incident Response

15. Section 4: Improving Threat Detection in Incident Response

16. Chapter 12: Working with Analytics and Detection Engineering in Incident Response

17. Chapter 13: Creating and Deploying Detection Rules

18. Chapter 14:  Hunting and Investigating Security Incidents

19. Other Books You May Enjoy

Understanding the MITRE ATT&CK framework

MITRE Adversaries Tactics, Techniques, and Common Knowledge (ATT&CK) (https://attack.mitre.org/) is a knowledge base created by MITRE in 2013 and maintained by multiple organizations and the security community to identify the tactics and techniques used by malicious actors in different real-life attacks. The information of the ATT&CK Matrix for Enterprise is organized into 14 tactics divided into techniques and sub-techniques based on the phases presented in an attack as shown in the following screenshot:

Figure 6.4 – The ATT&CK Matrix for Enterprise

There are currently three categories of ATT&CK matrices:

Enterprise: Describes the actions that a threat actor can use on corporate networks that include Windows, macOS, Linux, PRE, Azure AD, Office 365, Google Workspace, SaaS, IaaS, network, and container platforms: https://attack.mitre.org/matrices/enterprise/
Mobile: Describes...