0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Practical Threat Detection Engineering

You're reading from Practical Threat Detection Engineering A hands-on guide to planning, developing, and validating detection capabilities

Product type Paperback

Published in Jul 2023

Publisher Packt

ISBN-13 9781801076715

Length 328 pages

Edition 1st Edition

Tools

ExpressionEngine

Concepts

Threat Hunting

Authors (3):

Megan Roddie

Jason Deyalsingh

Gary J. Katz

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1: Introduction to Detection Engineering

2. Chapter 1: Fundamentals of Detection Engineering FREE CHAPTER

3. Chapter 2: The Detection Engineering Life Cycle

4. Chapter 3: Building a Detection Engineering Test Lab

5. Part 2: Detection Creation

6. Chapter 4: Detection Data Sources

7. Chapter 5: Investigating Detection Requirements

8. Chapter 6: Developing Detections Using Indicators of Compromise

9. Chapter 7: Developing Detections Using Behavioral Indicators

10. Chapter 8: Documentation and Detection Pipelines

11. Part 3: Detection Validation

12. Chapter 9: Detection Validation

13. Chapter 10: Leveraging Threat Intelligence

14. Part 4: Metrics and Management

15. Chapter 11: Performance Management

16. Part 5: Detection Engineering as a Career

17. Chapter 12: Career Guidance for Detection Engineers

18. Index

Why subscribe?

19. Other Books You May Enjoy

Understanding the validation process

The execution of cyber security validation is very similar to typical adversary simulation exercises. The emphasis, however, is on producing data that can be compared against a set of performance criteria defined for each defensive control. In broad terms, validation can be executed in three phases:

Planning: This is easily the most important phase. During this phase, the objectives of the validation exercise are defined, along with the scope, timelines, and stakeholders. The specific defensive capabilities targeted for validation and the criteria for determining their effectiveness are rigidly defined during this phase. Each validation needs to be mapped to a specific defensive control or controls, expected outcomes, and criteria for measuring the performance of the control(s). It is important at this time to also understand the possible limitations of each validation. For example, an organization may want to test T1048: Exfiltration over...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (3)

Megan Roddie

Megan Roddie

Megan Roddie is an experienced information security professional with a diverse background ranging from incident response to threat intelligence to her current role as a detection engineer. Additionally, Megan is a course author and instructor with the SANS Institute where she regularly publishes research on cloud incident response and forensics. Outside of the cyber security industry, Megan trains and competes as a high-level amateur Muay Thai fighter in Austin, TX.

See other products by Megan Roddie

Gary J. Katz

Gary J. Katz

Gary J. Katz is still trying to figure out what to do with his life while contemplating what its purpose really is. While not spiraling into this metaphysical black hole compounded by the plagues and insanity of this world, he sometimes thinks about cyber security problems and writes them down. These ruminations are, on occasion, captured in articles and books.

See other products by Gary J. Katz

Jason Deyalsingh

Jason Deyalsingh

Jason Deyalsingh is an experienced consultant with over nine years of experience in the cyber security space. He has spent the last 5 years focused on digital forensics and incident response (DFIR). His current hobbies include playing with data and failing to learn Rust.

See other products by Jason Deyalsingh

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m