Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Checkout

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag Great Britain
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag Singapore
Country selected
country flag Hungary
Country selected
country flag Philippines
Country selected
country flag Mexico
Country selected
country flag Thailand
Country selected
country flag Ukraine
Country selected
country flag Luxembourg
Country selected
country flag Estonia
Country selected
country flag Lithuania
Country selected
country flag Norway
Country selected
country flag Chile
Country selected
country flag South Korea
Country selected
country flag Ecuador
Country selected
country flag Colombia
Country selected
country flag Taiwan
Country selected
country flag Switzerland
Country selected
country flag Indonesia
Country selected
country flag Cyprus
Country selected
country flag Denmark
Country selected
country flag Finland
Country selected
country flag Poland
Country selected
country flag Malta
Country selected
country flag Czechia
Country selected
country flag New Zealand
Country selected
country flag Austria
Country selected
country flag Turkey
Country selected
country flag Sweden
Country selected
country flag Italy
Country selected
country flag Egypt
Country selected
country flag Belgium
Country selected
country flag Portugal
Country selected
country flag Slovenia
Country selected
country flag Ireland
Country selected
country flag Romania
Country selected
country flag Greece
Country selected
country flag Argentina
Country selected
country flag Malaysia
Country selected
country flag South Africa
Country selected
country flag Netherlands
Country selected
country flag Bulgaria
Country selected
country flag Latvia
Country selected
country flag Japan
Country selected
country flag Slovakia
Country selected
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Purple Team Strategies

You're reading from   Purple Team Strategies Enhancing global security posture through uniting red and blue teams with adversary emulation

Arrow left icon
Product type Paperback
Published in Jun 2022
Publisher Packt
ISBN-13 9781801074292
Length 450 pages
Edition 1st Edition
Tools
Concepts
Arrow right icon
Authors (4):
Arrow left icon
David Routin David Routin
Author Profile Icon David Routin
David Routin
LinkedIn
David Routin started, in his teens, to learn cybersecurity in the 90s, the passion is continued through various contributions or projects such as MITRE ATT&CK framework, SIGMA, vulnerability disclosures (Microsoft), public events speaking and multiple publications from French MISC magazine to this book.nAs a professional, he owned various positions from security engineer to CISO. For the last ten years as Security Operations Center Manager roles, he built and operated multiple SOC for MSSP or private companies. His areas of expertise are SOC, Blue & Purple teaming, incident response, forensic (SANS GCIH/GCFA), detection engineering, management and compliance (ISO27001 or PCI).
Read more
See other products by David Routin
Samuel Rossier Samuel Rossier
Author Profile Icon Samuel Rossier
Samuel Rossier
Samuel Rossier is currently SOC lead within a government entity where he focuses on detection engineering, incident response, automation, and cyber threat intelligence. He is also a teaching assistant at the SANS Institute. He was previously responsible for a private bank group CIRT, and also worked as an SOC manager within an MSSP. He also spent several years within a consulting cybersecurity practice.nSamuel currently holds a master's degree in information systems and several information security certifications, including GRID, GMON, eCIR, eCTHP, eCRE, eNDP, and eJPT.nHe is also a contributor to the MITRE D3FEND and SIGMA frameworks and likes to speak at conferences and analyze malware. He values a strong emphasis on the people dimension of cybersecurity by sharing knowledge.
Read more
See other products by Samuel Rossier
Simon Thoores Simon Thoores
Author Profile Icon Simon Thoores
Simon Thoores
Simon Thoores is a cybersecurity analyst specialized in Forensic and Incident Response. He started his career as a Security Analyst after obtaining an Engineering diploma in Information System architecture focus on security. He built his forensics and reverse engineering skills during large-scale incident responses from malware and ransomware attacks to more advanced attacks for a wide variety of environments, he finally certified these skills with GCFA. Then he moved to the Cyber Threat Intelligence field to better understand attacker methodologies to align and strengthen response and support for his clients. Lately he decided to put his skills and knowledges to emulate threat actors to help customer improve their security.
Read more
See other products by Simon Thoores
Michael Molho Michael Molho
Author Profile Icon Michael Molho
Michael Molho
LinkedIn
Read more
See other products by Michael Molho
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Part 1: Concept, Model, and Methodology
2. Chapter 1: Contextualizing Threats and Today's Challenges FREE CHAPTER 3. Chapter 2: Purple Teaming – a Generic Approach and a New Model 4. Chapter 3: Carrying out Adversary Emulation with CTI 5. Chapter 4: Threat Management – Detecting, Hunting, and Preventing 6. Part 2: Building a Purple Infrastructure
7. Chapter 5: Red Team Infrastructure 8. Chapter 6: Blue Team – Collect 9. Chapter 7: Blue Team – Detect 10. Chapter 8: Blue Team – Correlate 11. Chapter 9: Purple Team Infrastructure 12. Part 3: The Most Common Tactics, Techniques, and Procedures (TTPs) and Defenses
13. Chapter 10: Purple Teaming the ATT&CK Tactics 14. Part 4: Assessing and Improving
15. Chapter 11: Purple Teaming with BAS and Adversary Emulation 16. Chapter 12: PTX – Purple Teaming eXtended 17. Chapter 13: PTX – Automation and DevOps Approach 18. Chapter 14: Exercise Wrap-Up and KPIs 19. Other Books You May Enjoy

SIEM and analytics solutions

A SIEM solution is a key component of any blue team arsenal. Many companies offer SIEM solutions, including Splunk, Elastic, IBM (QRadar), HP (ArcSight), XPalo Alto Networks (XSIAM), LogRhythm, and Exabeam, to mention a few.

The main goal of a SIEM solution is to collect data as inputs, centralize them, and allow correlations between those events with the objective of providing alerts, dashboards, or reports as outputs. We can define a high-level workflow of a SIEM system with these different components (already described in Chapter 6, Blue Team – Collect):

  • Events collection: This is where we collect our raw data sources, such as Windows events, Linux logs, and intrusion detection system (IDS) events.
  • Event normalization: The collected events are normalized usually using a data model such as Splunk Common Information Model (CIM) or Elastic Common Schema (ECS). At this step, a field called username for one data source and a field called...
lock icon The rest of the chapter is locked
arrow left Previous Section
Section 4 of 6
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $19.99/month. Cancel anytime

Authors (4)

Left arrow icon
Profile icon Molho
Molho
Github icon
Read more
See other products by Molho
Profile icon Routin
Routin
David Routin started, in his teens, to learn cybersecurity in the 90s, the passion is continued through various contributions or projects such as MITRE ATT&CK framework, SIGMA, vulnerability disclosures (Microsoft), public events speaking and multiple publications from French MISC magazine to this book. As a professional, he owned various positions from security engineer to CISO. For the last ten years as Security Operations Center Manager roles, he built and operated multiple SOC for MSSP or private companies. His areas of expertise are SOC, Blue & Purple teaming, incident response, forensic (SANS GCIH/GCFA), detection engineering, management and compliance (ISO27001 or PCI).
Read more
See other products by Routin
Profile icon Rossier
Rossier
Samuel Rossier is currently SOC lead within a government entity where he focuses on detection engineering, incident response, automation, and cyber threat intelligence. He is also a teaching assistant at the SANS Institute. He was previously responsible for a private bank group CIRT, and also worked as an SOC manager within an MSSP. He also spent several years within a consulting cybersecurity practice. Samuel currently holds a master's degree in information systems and several information security certifications, including GRID, GMON, eCIR, eCTHP, eCRE, eNDP, and eJPT. He is also a contributor to the MITRE D3FEND and SIGMA frameworks and likes to speak at conferences and analyze malware. He values a strong emphasis on the people dimension of cybersecurity by sharing knowledge.
Read more
See other products by Rossier
Profile icon Thoores
Thoores
Simon Thoores is a cybersecurity analyst specialized in Forensic and Incident Response. He started his career as a Security Analyst after obtaining an Engineering diploma in Information System architecture focus on security. He built his forensics and reverse engineering skills during large-scale incident responses from malware and ransomware attacks to more advanced attacks for a wide variety of environments, he finally certified these skills with GCFA. Then he moved to the Cyber Threat Intelligence field to better understand attacker methodologies to align and strengthen response and support for his clients. Lately he decided to put his skills and knowledges to emulate threat actors to help customer improve their security.
Read more
See other products by Thoores
Right arrow icon
Banner background image

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Right arrow icon