You're reading from Incident Response with Threat Intelligence Practical insights into developing an incident response capability through intelligence-based threat hunting

Product type Paperback

Published in Jun 2022

Publisher Packt

ISBN-13 9781801072953

Length 468 pages

Edition 1st Edition

Languages

C++

Tools

Kali Linux

Concepts

Information Management

Author (1):

Roberto Martinez

View More author details

Table of Contents (20) Chapters

Preface

1. Section 1: The Fundamentals of Incident Response

2. Chapter 1: Threat Landscape and Cybersecurity Incidents FREE CHAPTER

3. Chapter 2: Concepts of Digital Forensics and Incident Response

4. Chapter 3: Basics of the Incident Response and Triage Procedures

5. Chapter 4: Applying First Response Procedures

6. Section 2: Getting to Know the Adversaries

7. Chapter 5: Identifying and Profiling Threat Actors

8. Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT&CK Framework

9. Chapter 7: Using Cyber Threat Intelligence in Incident Response

10. Section 3: Designing and Implementing Incident Response in Organizations

11. Chapter 8: Building an Incident Response Capability

12. Chapter 9: Creating Incident Response Plans and Playbooks

13. Chapter 10: Implementing an Incident Management System

14. Chapter 11: Integrating SOAR Capabilities into Incident Response

15. Section 4: Improving Threat Detection in Incident Response

16. Chapter 12: Working with Analytics and Detection Engineering in Incident Response

17. Chapter 13: Creating and Deploying Detection Rules

18. Chapter 14:  Hunting and Investigating Security Incidents

19. Other Books You May Enjoy

Creating threat actor and campaign profiles

Usually, Threat Intelligence Platforms (TIPs) have a section with the profiles of different threat actors, their characteristics, the campaigns attributed to them, and their main TTPs.

If you do not have access to a TIP, you can still consult the information about threat actor profiles and their malicious campaigns from public sources such as MITRE ATT&CK (https://attack.mitre.org/groups/), AT&T OTX (https://otx.alienvault.com/browse/global/adversaries), or this compilation created by industry colleagues: https://apt.threattracking.com.

However, these information sources cover only threat actors with a specific visibility level due to the nature of their attacks or the relevance of their targets. So, there will be many others that do not appear there, but they threaten organizations nonetheless.

Sometimes, organizations should create their own internal threat actor profiles and campaigns from their incident response...

The rest of the chapter is locked

You're reading from Incident Response with Threat Intelligence Practical insights into developing an incident response capability through intelligence-based threat hunting

Table of Contents (20) Chapters

Creating threat actor and campaign profiles

Authors (1)

Personalised recommendations for you

You're reading from Incident Response with Threat Intelligence Practical insights into developing an incident response capability through intelligence-based threat hunting

Table of Contents (20) Chapters

Creating threat actor and campaign profiles

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you