You're reading from Incident Response with Threat Intelligence Practical insights into developing an incident response capability through intelligence-based threat hunting

Product type Paperback

Published in Jun 2022

Publisher Packt

ISBN-13 9781801072953

Length 468 pages

Edition 1st Edition

Languages

C++

Tools

Kali Linux

Concepts

Information Management

Author (1):

Roberto Martinez

View More author details

Table of Contents (20) Chapters

Preface

1. Section 1: The Fundamentals of Incident Response

2. Chapter 1: Threat Landscape and Cybersecurity Incidents FREE CHAPTER

3. Chapter 2: Concepts of Digital Forensics and Incident Response

4. Chapter 3: Basics of the Incident Response and Triage Procedures

5. Chapter 4: Applying First Response Procedures

6. Section 2: Getting to Know the Adversaries

7. Chapter 5: Identifying and Profiling Threat Actors

8. Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT&CK Framework

9. Chapter 7: Using Cyber Threat Intelligence in Incident Response

10. Section 3: Designing and Implementing Incident Response in Organizations

11. Chapter 8: Building an Incident Response Capability

12. Chapter 9: Creating Incident Response Plans and Playbooks

13. Chapter 10: Implementing an Incident Management System

14. Chapter 11: Integrating SOAR Capabilities into Incident Response

15. Section 4: Improving Threat Detection in Incident Response

16. Chapter 12: Working with Analytics and Detection Engineering in Incident Response

17. Chapter 13: Creating and Deploying Detection Rules

18. Chapter 14:  Hunting and Investigating Security Incidents

19. Other Books You May Enjoy

Preface

Incident response is fundamental and necessary for organizations' cybersecurity, regardless of their size. This book provides helpful information to professionals who work in large companies with a certain level of maturity in incident response and those who work in small or medium-sized companies, where there are no areas dedicated to this field.

I wrote this book with a broad approach that converges diverse disciplines, such as threat intelligence, threat hunting, and detection engineering. The different chapters show how the orchestration of these activities using the appropriate technologies can improve the capacity to respond to security incidents that can impact organizations.

There are four sections in this book. The first section covers the basic concepts of incident response, the first response procedures, and the tools to collect the artifacts from different devices.

In the second section, we will analyze the distinct types of threat actors from a broad perspective, considering their motivations and capabilities, under the principle that the best form of defense strategy is taking advantage of the knowledge of adversaries.

The third section covers the main aspects of implementing an incident response program, including the incident response plan and actionable playbooks based on different scenarios. This section also covers the technologies that support incident management and the integration of monitoring, detection, and investigation systems.

Finally, the fourth section covers critical aspects related to a proactive detection posture in the search and detection of attack indicators that speed up a threat's response and containment times to minimize its impact and thus prevent adversaries from achieving their objective.