Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Practical Threat Detection Engineering
  • Table Of Contents Toc
  • Feedback & Rating feedback
Practical Threat Detection Engineering

Practical Threat Detection Engineering

By : Megan Roddie, Jason Deyalsingh, Gary J. Katz
4.7 (20)
Buy this Book
close
close
Practical Threat Detection Engineering

Practical Threat Detection Engineering

4.7 (20)
By: Megan Roddie, Jason Deyalsingh, Gary J. Katz
Buy this Book

Overview of this book

Threat validation is the backbone of every strong security detection strategy—it ensures your detection pipeline is effective, reliable, and resilient against real-world threats. This comprehensive guide is designed for those new to detection validation, offering clear, actionable frameworks to help you assess, test, and refine your security detections with confidence. Covering the entire detection lifecycle, from development to validation, this book provides real-world examples, hands-on tutorials, and practical projects to solidify your skills. Beyond just technical know-how, this book empowers you to build a career in detection engineering, equipping you with the essential expertise to thrive in today’s cybersecurity landscape. By the end of this book, you'll have the tools and knowledge to fortify your organization’s defenses, enhance detection accuracy, and stay ahead of cyber threats.
Table of Contents (20 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1: Introduction to Detection Engineering
Icon
Part 1: Introduction to Detection Engineering
Lock Free Chapter
2
Chapter 1: Fundamentals of Detection Engineering
chevron up
Icon
Chapter 1: Fundamentals of Detection Engineering
Icon
Foundational concepts
Icon
The value of a detection engineering program
Icon
A guide to using this book
Icon
Summary
3
Chapter 2: The Detection Engineering Life Cycle
Icon
Chapter 2: The Detection Engineering Life Cycle
Icon
Phase 1 – Requirements Discovery
Icon
Exercise – understanding your organization’s detection requirement sources
Icon
Phase 2 – Triage
Icon
Phase 3 – Investigate
Icon
Phase 4 – Develop
Icon
Phase 5 – Test
Icon
Phase 6 – Deploy
Icon
Summary
4
Chapter 3: Building a Detection Engineering Test Lab
Icon
Chapter 3: Building a Detection Engineering Test Lab
Icon
Technical requirements
Icon
The Elastic Stack
Icon
Setting up Fleet Server
Icon
Building your first detection
Icon
Additional resources
Icon
Summary
5
Part 2: Detection Creation
Icon
Part 2: Detection Creation
6
Chapter 4: Detection Data Sources
Icon
Chapter 4: Detection Data Sources
Icon
Technical requirements
Icon
Understanding data sources and telemetry
Icon
Looking at data source issues and challenges
Icon
Adding data sources
Icon
Summary
Icon
Further reading
7
Chapter 5: Investigating Detection Requirements
Icon
Chapter 5: Investigating Detection Requirements
Icon
Revisiting the phases of detection requirements
Icon
Discovering detection requirements
Icon
Triaging detection requirements
Icon
Investigating detection requirements
Icon
Summary
8
Chapter 6: Developing Detections Using Indicators of Compromise
Icon
Chapter 6: Developing Detections Using Indicators of Compromise
Icon
Technical requirements
Icon
Leveraging indicators of compromise for detection
Icon
Scenario 1 lab
Icon
Summary
Icon
Further reading
9
Chapter 7: Developing Detections Using Behavioral Indicators
Icon
Chapter 7: Developing Detections Using Behavioral Indicators
Icon
Technical requirements
Icon
Detecting adversary tools
Icon
Detecting tactice, techniques, and procedures (TTPs)
Icon
Summary
10
Chapter 8: Documentation and Detection Pipelines
Icon
Chapter 8: Documentation and Detection Pipelines
Icon
Documenting a detection
Icon
Exploring the detection repository
Icon
Summary
11
Part 3: Detection Validation
Icon
Part 3: Detection Validation
12
Chapter 9: Detection Validation
Icon
Chapter 9: Detection Validation
Icon
Technical requirements
Icon
Understanding the validation process
Icon
Understanding purple team exercises
Icon
Simulating adversary activity
Icon
Using validation results
Icon
Summary
Icon
Further reading
13
Chapter 10: Leveraging Threat Intelligence
Icon
Chapter 10: Leveraging Threat Intelligence
Icon
Technical requirements
Icon
Threat intelligence overview
Icon
Threat intelligence in the detection engineering life cycle
Icon
Threat intelligence for detection engineering in practice
Icon
Threat assessments
Icon
Resources and further reading
Icon
Summary
14
Part 4: Metrics and Management
Icon
Part 4: Metrics and Management
15
Chapter 11: Performance Management
Icon
Chapter 11: Performance Management
Icon
Introduction to performance management
Icon
Assessing the maturity of your detection program
Icon
Measuring the efficiency of a detection engineering program
Icon
Measuring the effectiveness of a detection engineering program
Icon
Calculating a detection’s efficacy
Icon
Summary
Icon
Further reading
16
Part 5: Detection Engineering as a Career
Icon
Part 5: Detection Engineering as a Career
17
Chapter 12: Career Guidance for Detection Engineers
Icon
Chapter 12: Career Guidance for Detection Engineers
Icon
Getting a job in detection engineering
Icon
Detection engineering as a job
Icon
The future of detection engineering
Icon
Summary
18
Index
Icon
Index
Icon
Why subscribe?
19
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Fundamentals of Detection Engineering

Across nearly every industry, a top concern for executives and board members is the security of their digital assets. It’s an understandable concern, given that companies are now more interconnected and reliant on technology than ever before. Digital assets and their supporting infrastructure comprise ever-increasing portions of a typical organization’s inventory. Additionally, more processes are becoming reliant on robust communication technologies. In most cases, these technologies enable companies to operate more effectively. The management and defense of this new digital landscape, however, can be challenging for organizations of any size.

Additionally, where sophisticated attacks used to be limited to nation-state adversaries, the increased interconnectedness of technology, coupled with the emergence of cryptocurrencies, creates a near-perfect environment for cyber criminals to operate in. The addition of sophisticated threat actors motivated by financial gain rather than those limited to nation-state motivations has dramatically broadened the number of organizations that must be able to identify and respond to such threats. Stopping these attacks requires increased agility by an organization to combat the adversary. A detection engineering program provides that agility, improving an organization’s ops tempo to operationalize intelligence about new threats. The primary goal of detection engineering is to develop the rules or algorithmic models to automatically identify the presence of threat actors, or malicious activity in general, promptly so that the relevant teams can take mitigative action.

In this chapter, we will discuss several topics that will provide you with knowledge that will be relevant throughout this book:

  • Foundational concepts, such as attack frameworks, common attack types, and the definition of detection engineering
  • The value of a detection engineering program
  • An overview of this book
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Practical Threat Detection Engineering
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon