Book Image

Practical Threat Detection Engineering

By : Megan Roddie, Jason Deyalsingh, Gary J. Katz
5 (2)
Book Image

Practical Threat Detection Engineering

5 (2)
By: Megan Roddie, Jason Deyalsingh, Gary J. Katz

Overview of this book

Threat validation is an indispensable component of every security detection program, ensuring a healthy detection pipeline. This comprehensive detection engineering guide will serve as an introduction for those who are new to detection validation, providing valuable guidelines to swiftly bring you up to speed. The book will show you how to apply the supplied frameworks to assess, test, and validate your detection program. It covers the entire life cycle of a detection, from creation to validation, with the help of real-world examples. Featuring hands-on tutorials and projects, this guide will enable you to confidently validate the detections in your security program. This book serves as your guide to building a career in detection engineering, highlighting the essential skills and knowledge vital for detection engineers in today's landscape. By the end of this book, you’ll have developed the skills necessary to test your security detection program and strengthen your organization’s security measures.
Table of Contents (20 chapters)
1
Part 1: Introduction to Detection Engineering
5
Part 2: Detection Creation
11
Part 3: Detection Validation
14
Part 4: Metrics and Management
16
Part 5: Detection Engineering as a Career

Investigating Detection Requirements

In Chapter 4, we discussed the various data sources that may be leveraged for creating and implementing detections. We also provided guidance on understanding what data sources provide the most value to your organization. Lastly, a new data source was added to our Elastic Stack as part of a lab demonstrating the inclusion of additional data sources.

Now that we know how to get data flowing through our detection engineering lab, we can begin discussing the detections themselves. In this chapter, we’ll specifically discuss prioritizing detection requirements, establishing a detection repository, and how to deploy detection code.

We will cover the following main topics in this chapter:

  • Revisiting the phases of detection requirements
  • Discovering detection requirements
  • Triaging detection requirements
  • Investigating detection requirements