You're reading from Incident Response with Threat Intelligence Practical insights into developing an incident response capability through intelligence-based threat hunting

Product type Paperback

Published in Jun 2022

Publisher Packt

ISBN-13 9781801072953

Length 468 pages

Edition 1st Edition

Languages

C++

Tools

Kali Linux

Concepts

Information Management

Author (1):

Roberto Martinez

View More author details

Table of Contents (20) Chapters

Preface

1. Section 1: The Fundamentals of Incident Response

2. Chapter 1: Threat Landscape and Cybersecurity Incidents FREE CHAPTER

3. Chapter 2: Concepts of Digital Forensics and Incident Response

4. Chapter 3: Basics of the Incident Response and Triage Procedures

5. Chapter 4: Applying First Response Procedures

6. Section 2: Getting to Know the Adversaries

7. Chapter 5: Identifying and Profiling Threat Actors

8. Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT&CK Framework

9. Chapter 7: Using Cyber Threat Intelligence in Incident Response

10. Section 3: Designing and Implementing Incident Response in Organizations

11. Chapter 8: Building an Incident Response Capability

12. Chapter 9: Creating Incident Response Plans and Playbooks

13. Chapter 10: Implementing an Incident Management System

14. Chapter 11: Integrating SOAR Capabilities into Incident Response

15. Section 4: Improving Threat Detection in Incident Response

16. Chapter 12: Working with Analytics and Detection Engineering in Incident Response

17. Chapter 13: Creating and Deploying Detection Rules

18. Chapter 14:  Hunting and Investigating Security Incidents

19. Other Books You May Enjoy

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "To start using this virtual pre-installed version of TheHive, you need to import the downloaded .ova file using VMware Workstation Player."

A block of code is set as follows:

detection:
  selection1:
    EventID: 1
  selection2:
    Image|contains:

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

import "pe"
rule procdump_tool {
    meta:
        description = "Simple YARA rule to detect the presence of Sysinternals Procdump"
        version = "1.0"

Any command-line input or output is written as follows:

sudo so-status

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: "On TheHive's main dashboard, click on the New Organization button."

Tips or Important Notes

Appear like this.