You're reading from Threat Hunting with Elastic Stack Solve complex security challenges with integrated prevention, detection, and response

Product type Paperback

Published in Jul 2021

Publisher Packt

ISBN-13 9781801073783

Length 392 pages

Edition 1st Edition

Tools

Kibana

Concepts

Cybersecurity

Author (1):

Andrew Pease

View More author details

Table of Contents (18) Chapters

Preface

1. Section 1: Introduction to Threat Hunting, Analytical Models, and Hunting Methodologies

2. Chapter 1: Introduction to Cyber Threat Intelligence, Analytical Models, and Frameworks FREE CHAPTER

3. Chapter 2: Hunting Concepts, Methodologies, and Techniques

4. Section 2: Leveraging the Elastic Stack for Collection and Analysis

5. Chapter 3: Introduction to the Elastic Stack

6. Chapter 4: Building Your Hunting Lab – Part 1

7. Chapter 5: Building Your Hunting Lab – Part 2

8. Chapter 6: Data Collection with Beats and Elastic Agent

9. Chapter 7: Using Kibana to Explore and Visualize Data

10. Chapter 8: The Elastic Security App

11. Section 3: Operationalizing Threat Hunting

12. Chapter 9: Using Kibana to Pivot Through Data to Find Adversaries

13. Chapter 10: Leveraging Hunting to Inform Operations

14. Chapter 11: Enriching Data to Make Intelligence

15. Chapter 12: Sharing Information and Analysis

16. Assessments

17. Other Books You May Enjoy

Chapter 12: Sharing Information and Analysis

Being an amazing threat hunter is something to be proud of, there's no doubt about it. An adversary carrying out a delicate dance across network protocols, dipping and ducking in and through legitimate network traffic, only to be observed and recorded by an analyst with a keen eye is impressive. Monitoring and recording processes that have been started, stopped, or modified, collecting or compiling tools locally, and attempting to exfiltrate sensitive data is the nirvana for any threat actor – but the talented hunter and responder tracks and blocks all their tricks. This is the arms race of threat hunting, incident response, and information security as a whole.

All that said, no one can do all of this alone. It takes a team, both locally and at your fingertips, to enable the threat hunter to frustrate the adversary into failure. Rest assured: they have a team, and so should we. We can do this by sharing curated, contextual,...