Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Conventions used
• Get in touch
• Share Your Thoughts

1. Section 1: The Fundamentals of Incident Response

2. Chapter 1: Threat Landscape and Cybersecurity Incidents FREE CHAPTER

• Knowing the threat landscape
• Understanding the motivation behind cyber attacks
• Emerging and future cyber threats
• Summary
• Further reading

3. Chapter 2: Concepts of Digital Forensics and Incident Response

• Concepts of digital forensics and incident response (DFIR)
• Digital evidence and forensics artifacts
• Incident response standards and frameworks
• Defining an incident response posture
• Summary
• Further reading

4. Chapter 3: Basics of the Incident Response and Triage Procedures

• Technical requirements
• Principles of first response
• Triage – concept and procedures
• First response procedures in different scenarios
• First response toolkit
• Summary
• Further reading

5. Chapter 4: Applying First Response Procedures

• Technical requirements
• Case study – a data breach incident
• Following first-response procedures
• Summary
• Further reading

6. Section 2: Getting to Know the Adversaries

7. Chapter 5: Identifying and Profiling Threat Actors

• Technical requirements
• Exploring the different types of threat actors
• Researching adversaries and threat actors
• Creating threat actor and campaign profiles
• Summary
• Further reading

8. Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT&CK Framework

• Technical requirements
• Introducing the Cyber Kill Chain framework
• Understanding the MITRE ATT&CK framework
• Discovering and containing malicious behaviors
• Summary
• Further reading

9. Chapter 7: Using Cyber Threat Intelligence in Incident Response

• Technical requirements
• The Diamond Model of Intrusion Analysis
• Mapping ATT&CK TTPs from CTI reports
• Integrating CTI into IR reports
• Summary
• Further reading

10. Section 3: Designing and Implementing Incident Response in Organizations

11. Chapter 8: Building an Incident Response Capability

• Technical requirements
• Taking a proactive approach to incident response
• Building an incident response program
• Aligning the incident response plan, the business continuity plan, and the disaster recovery plan
• Summary
• Further reading

12. Chapter 9: Creating Incident Response Plans and Playbooks

• Technical requirements
• Creating IRPs
• Creating IR playbooks
• Testing IRPs and playbooks
• Summary
• Further reading

13. Chapter 10: Implementing an Incident Management System

• Technical requirements
• Understanding the TheHive architecture
• Setting up TheHive and creating cases
• Creating and managing cases
• Integrating intelligence with Cortex
• Summary
• Further reading

14. Chapter 11: Integrating SOAR Capabilities into Incident Response

• Technical requirements
• Understanding the principles and capabilities of SOAR
• A SOAR use case – identifying malicious communications
• Escalating incidents from detection
• Automating the IR and investigation processes
• Summary
• Further reading

15. Section 4: Improving Threat Detection in Incident Response

16. Chapter 12: Working with Analytics and Detection Engineering in Incident Response

• Technical requirements
• Configuring the detection lab
• Identifying and containing threats
• Implementing principles of detection engineering in incident response
• Using MITRE CAR, Invoke-AtomicRedTeam, and testing analytics
• Summary

17. Chapter 13: Creating and Deploying Detection Rules

• Technical requirements
• Introduction to detection rules
• Detecting malicious files using YARA rules
• Analyzing and identifying patterns in files
• Detecting potential threats using YARA rules
• Detecting malicious behavior using Sigma rules
• Summary
• Further reading

18. Chapter 14: 
Hunting and Investigating Security Incidents

• Technical requirements
• Responding to a data breach incident
• Opening a new IR case
• Investigating the security incident
• Summary
• Why subscribe?

19. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts