Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag United Kingdom
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag Argentina
Country selected
country flag Austria
Country selected
country flag Belgium
Country selected
country flag Bulgaria
Country selected
country flag Chile
Country selected
country flag Colombia
Country selected
country flag Cyprus
Country selected
country flag Czechia
Country selected
country flag Denmark
Country selected
country flag Ecuador
Country selected
country flag Egypt
Country selected
country flag Estonia
Country selected
country flag Finland
Country selected
country flag Greece
Country selected
country flag Hungary
Country selected
country flag Indonesia
Country selected
country flag Ireland
Country selected
country flag Italy
Country selected
country flag Japan
Country selected
country flag Latvia
Country selected
country flag Lithuania
Country selected
country flag Luxembourg
Country selected
country flag Malaysia
Country selected
country flag Malta
Country selected
country flag Mexico
Country selected
country flag Netherlands
Country selected
country flag New Zealand
Country selected
country flag Norway
Country selected
country flag Philippines
Country selected
country flag Poland
Country selected
country flag Portugal
Country selected
country flag Romania
Country selected
country flag Singapore
Country selected
country flag Slovakia
Country selected
country flag Slovenia
Country selected
country flag South Africa
Country selected
country flag South Korea
Country selected
country flag Sweden
Country selected
country flag Switzerland
Country selected
country flag Taiwan
Country selected
country flag Thailand
Country selected
country flag Turkey
Country selected
country flag Ukraine
Country selected
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Incident Response with Threat Intelligence

You're reading from   Incident Response with Threat Intelligence Practical insights into developing an incident response capability through intelligence-based threat hunting

Arrow left icon
Product type Paperback
Published in Jun 2022
Publisher Packt
ISBN-13 9781801072953
Length 468 pages
Edition 1st Edition
Languages
Tools
Concepts
Arrow right icon
Author (1):
Arrow left icon
Roberto Martinez Roberto Martinez
Author Profile Icon Roberto Martinez
Roberto Martinez
LinkedIn
Roberto Martinez, works as a Senior Security Researcher at Kaspersky's Global Research and Analysis Team (GReAT) since April 2012, doing research to detect and identify new Security Threats, responding to Security Incidents, and presenting at security events worldwide.nHe also collaborates as an Expert Associate Professor at Tec de Monterrey University and is currently an active member of the HTCIA (High Technology Crime Investigation Association).nRoberto has more than 15 years of experience in cybersecurity, working in different fields as Offensive Security, Incident Response, Digital Forensic Investigation, Threat Hunting, Threat Intelligence, and Malware Analysis.nBefore this, he worked as a consultant and instructor specializing in security for governments, financial institutions, and private corporations in Latin America.
Read more
See other products by Roberto Martinez
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Section 1: The Fundamentals of Incident Response
2. Chapter 1: Threat Landscape and Cybersecurity Incidents FREE CHAPTER 3. Chapter 2: Concepts of Digital Forensics and Incident Response 4. Chapter 3: Basics of the Incident Response and Triage Procedures 5. Chapter 4: Applying First Response Procedures 6. Section 2: Getting to Know the Adversaries
7. Chapter 5: Identifying and Profiling Threat Actors 8. Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT&CK Framework 9. Chapter 7: Using Cyber Threat Intelligence in Incident Response 10. Section 3: Designing and Implementing Incident Response in Organizations
11. Chapter 8: Building an Incident Response Capability 12. Chapter 9: Creating Incident Response Plans and Playbooks 13. Chapter 10: Implementing an Incident Management System 14. Chapter 11: Integrating SOAR Capabilities into Incident Response 15. Section 4: Improving Threat Detection in Incident Response
16. Chapter 12: Working with Analytics and Detection Engineering in Incident Response 17. Chapter 13: Creating and Deploying Detection Rules 18. Chapter 14: 
Hunting and Investigating Security Incidents 19. Other Books You May Enjoy

Opening a new IR case

Once we validate that this malicious file is related to the incident, we will open a new case from the alert, using the new Cases tool integrated into Security Onion. Here's how to do this:

  1. In Security Onion's Alerts console, on the ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server) event, click on the Escalate button, then select Escalate to new case (remember to filter based on date, as you did in the Starting the investigation section of this chapter), as illustrated in the following screenshot:

Figure 14.25 – Escalating an alert to create a new case

  1. Go to the Cases panel on Security Onion, and you will see listed the recent case created, as shown in the following screenshot:

Figure 14.26 – Looking for cases in the Cases panel

  1. To edit and manage the case, click on the View button, as illustrated in the following screenshot...
lock icon The rest of the chapter is locked
arrow left Previous Section
Section 4 of 7
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $19.99/month. Cancel anytime

Authors (1)

Profile icon Martinez
Martinez
Emilio Rodriguez Martinez is a senior software engineer who has been working on highly demanding JavaScript projects since 2010. He transitioned from web development positions into mobile development, first with hybrid technologies such as Cordova and then with native JavaScript solutions such as Titanium. In 2015, he focused on the development and maintenance of several apps built in React Native, some of which were featured in Apple's App Store as the top apps of the week. He is also an active contributor to React Native's codebase and Stack Overflow, where he provides advice on React and React Native questions.
Read more
See other products by Martinez

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Mastering Customer Success
Mastering Customer Success
Read more
This guide unveils strategies to cultivate enduring customer relationships. Grounded in effective communication and problem-solving, it shows you how to harness cross-functional collaboration for competitive advantage.
Read more
May 2024 5h 40m
Architecting Salesforce Success
Architecting Salesforce Success
Read more
This book provides you with a roadmap to becoming a successful Salesforce Architect. Covering common pitfalls and valuable insights, this book prepares you to transition to the role of a Salesforce Architect.
Read more
Jun 2024 2h 4m
The SketchUp Handbook for Interior Design
The SketchUp Handbook for Interior Design
Read more
The SketchUp Handbook for Interior Design walks interior designers and architects through SketchUp Pro and Studio at an intermediate+ level, covering topics and tools specific to the world of design.
Read more
Jun 2024 19h 56m
Power Platform and the AI Revolution
Power Platform and the AI Revolution
Read more
Learn how to integrate cutting-edge AI technology into business operations and tap into AI services within Power Platform to enable automation and develop apps and chatbots to achieve heightened productivity and efficiency.
Read more
May 2024 11h 52m
Mastering Project Management with ClickUp for Work and Home Life Balance
Mastering Project Management with ClickUp for Work and Home Life Balance
Read more
This book will guide you in using ClickUp to become a power user of your life. You'll learn practical strategies for setup, project management, and AI integration to optimize workflow, boost productivity, and manage time effectively.
Read more
Jun 2024 10h 16m
Mastering UI Development with Unity
Mastering UI Development with Unity
Read more
With Unity's robust toolkit, you can create visually appealing UIs to give your games a professional look and feel. This book will help you realize the full potential of the UI systems provided by Unity, so you can create the best UI for your games.
Read more
Jun 2024 21h 16m
Autodesk Civil 3D 2025 Unleashed
Autodesk Civil 3D 2025 Unleashed
Read more
This book is a comprehensive guide to using Autodesk Civil 3D. You'll progress from design customization with extensions and information management to project extension, preparing you for a successful career in civil engineering.
Read more
Jul 2024 10h 28m
Mastering Salesforce Experience Cloud
Mastering Salesforce Experience Cloud
Read more
Mastering Salesforce Experience Cloud covers every facet of the platform, from technical reviews to implementation, business transformation, and long-term growth strategies. Learn to maximize the potential of Salesforce Experience Cloud.
Read more
Oct 2024 10h 56m
Mastering the Art of Sales Engineering
Mastering the Art of Sales Engineering
Read more
This book covers what a sales engineer is and does, and why this is a highly paid and coveted role. The authors share their vast experience to help you learn daily operations and skills to advance your sales career.
Read more
Sep 2024 10h 32m
Taking Tinkercad to the Next Level
Taking Tinkercad to the Next Level
Read more
Tinkercad users familiar with the basic functionality will learn to create complex shapes and multi-part designs with this book on advanced modeling. It covers strategies and techniques for modeling and designing for production with 3D printers.
Read more
Sep 2024 13h 56m
Right arrow icon