Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Automating Security Detection Engineering
  • Table Of Contents Toc
Automating Security Detection Engineering

Automating Security Detection Engineering

By : Dennis Chow
4.6 (11)
close
close
Automating Security Detection Engineering

Automating Security Detection Engineering

4.6 (11)
By: Dennis Chow

Overview of this book

Today's global enterprise security programs grapple with constantly evolving threats. Even though the industry has released abundant security tools, most of which are equipped with APIs for integrations, they lack a rapid detection development work stream. This book arms you with the skills you need to automate the development, testing, and monitoring of detection-based use cases. You’ll start with the technical architecture, exploring where automation is conducive throughout the detection use case lifecycle. With the help of hands-on labs, you’ll learn how to utilize threat-informed defense artifacts and then progress to creating advanced AI-powered CI/CD pipelines to bolster your Detection as Code practices. Along the way, you'll develop custom code for EDRs, WAFs, SIEMs, CSPMs, RASPs, and NIDS. The book will also guide you in developing KPIs for program monitoring and cover collaboration mechanisms to operate the team with DevSecOps principles. Finally, you'll be able to customize a Detection as Code program that fits your organization's needs. By the end of the book, you'll have gained the expertise to automate nearly the entire use case development lifecycle for any enterprise.
Table of Contents (16 chapters)
close
close
Lock Free Chapter
1
Part 1: Automating Detection Inputs and Deployments
6
Part 2: Automating Validations within CI/CD Pipelines
10
Part 3: Monitoring Program Effectiveness

Executing Live-Fire Asynchronous Tests

As we progress through the chapter, we have been able to create very useful and realistic opportunistic testing based on our payloads. With in-line testing, we ensure that no rule gets deployed to production or gets rolled back if a test fails. However, we also saw in the prior labs that there is significantly more components to configure and maintain. A potential alternative is to have closely emulated testing combined with an asynchronous workstream. Thinking back to integration testing purposes in the context of detection engineering; we are looking for edge cases where external environment or different conditions may cause a detection to fail outside of the unit level testing.

By the same rationale, more complex systems and conditions to discover problems with the detection also give more opportunities to fail on abnormal conditions. For example, let’s say your self-hosted runner was patched or upgraded packages where some of your...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Automating Security Detection Engineering
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon