To get the most out of this book
You will need an existing understanding of basic programming or scripting, experience in a security operation or engineering role, and conceptual knowledge of common enterprise security tools and their purpose. While a background in detection engineering is useful, it is not a requirement to fully implement and achieve the objectives of this book.
|
Software/hardware covered in the book |
Operating system requirements |
|
A computer capable of running an Ubuntu-based VM concurrently, with a recommended 8 CPU cores and 16 GB of memory for the host machine |
Compatible Intel x86-64 Windows 10+, macOS 13+, or Ubuntu Desktop LTS 22.04+ |
|
Amazon Web Services (AWS) |
|
|
Atlassian Jira Cloud |
|
|
Cloud Custodian |
|
|
Cloudflare WAF |
|
|
CodeRabbit AI |
|
|
CrowdStrike Falcon EDR |
|
|
Datadog Cloud SIEM |
|
|
Git CLI |
|
|
GitHub |
|
|
Google Chronicle |
|
|
Google Colab |
|
|
Hashicorp Terraform |
|
|
Microsoft VS Code |
|
|
PFSense Community Edition |
|
|
Poe.com AI |
|
|
Python 3.9+ |
|
|
SOC Prime Uncoder AI |
|
|
Splunk Enterprise |
|
|
Tines.com Cloud SOAR |
|
|
Trend Micro Cloud One |
|
|
Ubuntu Desktop LTS 22.04+ |
|
|
Wazuh Server and EDR |
Before we begin with Chapter 1, you will need to set up and install the Ubuntu Desktop LTS version on a VM that you will run on a compatible compute resource. Follow the latest instructions on the Ubuntu website for your host operating system. It is also advised to download a copy of each chapter’s contents from https://github.com/PacktPublishing/Automating-Security-Detection-Engineering as you progress through the book. Each chapter will have a series of lab reference files for you to explore, modify, or use as a full solution. Refer to the lab instructions in each chapter for more details.
We also recommend not signing up for the free trials of the software vendors until you have reached a chapter that requires you to do so. This will allow you to have an extended amount of time pursuing the lab work as you progress through this book.
Finally, since all code at the time of writing is a point in time, if you are having trouble with the latest versions, we suggest importing the Python pip requirements.txt file from the repository, based on the pinned versions.
