0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Practical Threat Detection Engineering

You're reading from Practical Threat Detection Engineering A hands-on guide to planning, developing, and validating detection capabilities

Product type Paperback

Published in Jul 2023

Publisher Packt

ISBN-13 9781801076715

Length 328 pages

Edition 1st Edition

Tools

ExpressionEngine

Concepts

Threat Hunting

Authors (3):

Megan Roddie

Jason Deyalsingh

Gary J. Katz

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1: Introduction to Detection Engineering

2. Chapter 1: Fundamentals of Detection Engineering FREE CHAPTER

3. Chapter 2: The Detection Engineering Life Cycle

4. Chapter 3: Building a Detection Engineering Test Lab

5. Part 2: Detection Creation

6. Chapter 4: Detection Data Sources

7. Chapter 5: Investigating Detection Requirements

8. Chapter 6: Developing Detections Using Indicators of Compromise

9. Chapter 7: Developing Detections Using Behavioral Indicators

10. Chapter 8: Documentation and Detection Pipelines

11. Part 3: Detection Validation

12. Chapter 9: Detection Validation

13. Chapter 10: Leveraging Threat Intelligence

14. Part 4: Metrics and Management

15. Chapter 11: Performance Management

16. Part 5: Detection Engineering as a Career

17. Chapter 12: Career Guidance for Detection Engineers

18. Index

Why subscribe?

19. Other Books You May Enjoy

Building your first detection

Detections monitor data stores for specified patterns and then take some action when a pattern match occurs. These actions can be anything from adding data to a queue to triggering an alert that sends a message to a defined audience. To see some of this in action, in this section, we will walk through the process of creating a very simple detection, or rule, for failed login attempts that rise over a specified threshold.

It’s important to emphasize that this is not a very good detection for reasons we will elaborate on in later chapters, but it will give you an understanding of the general mechanics of detections:

First, log in to your Elastic Stack and click the hamburger icon from the top-left corner. Then, navigate to Manage under the Security section. From there, click on Rules. This will take us to the Create new rule page.
Click Threshold, leave the default sources as is, then enter event.code: 4625 AND winlog.channel: &quot...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (3)

Megan Roddie

Megan Roddie

Megan Roddie is an experienced information security professional with a diverse background ranging from incident response to threat intelligence to her current role as a detection engineer. Additionally, Megan is a course author and instructor with the SANS Institute where she regularly publishes research on cloud incident response and forensics. Outside of the cyber security industry, Megan trains and competes as a high-level amateur Muay Thai fighter in Austin, TX.

See other products by Megan Roddie

Gary J. Katz

Gary J. Katz

Gary J. Katz is still trying to figure out what to do with his life while contemplating what its purpose really is. While not spiraling into this metaphysical black hole compounded by the plagues and insanity of this world, he sometimes thinks about cyber security problems and writes them down. These ruminations are, on occasion, captured in articles and books.

See other products by Gary J. Katz

Jason Deyalsingh

Jason Deyalsingh

Jason Deyalsingh is an experienced consultant with over nine years of experience in the cyber security space. He has spent the last 5 years focused on digital forensics and incident response (DFIR). His current hobbies include playing with data and failing to learn Rust.

See other products by Jason Deyalsingh

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m