Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK(TM) Framework and open source tools
Provisional Chinese title: 實用威脅情報與數據驅動的威脅獵捕：使用 ATT&CK(TM) 框架和開源工具的實作指南

Palacín, Valentina

  • Publisher: Packt Publishing
  • Publication date: 2021-02-12
  • Price: $1,700
  • VIP price: $1,615 (95% of list price)
  • Language: English
  • Pages: 398
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1838556370
  • ISBN-13: 9781838556372
  • Related category: Hacking (駭客 Hack)
  • Related translation: ATT & CK 與威脅獵殺實戰 (Simplified Chinese edition)
  • Ships immediately (stock = 1)

Product Description

Get to grips with cyber threat intelligence and data-driven threat hunting while exploring expert tips and techniques

Key Features

  • Set up an environment to centralize all data in an Elasticsearch, Logstash, and Kibana (ELK) server that enables threat hunting
  • Carry out atomic hunts to start the threat hunting process and understand the environment
  • Perform advanced hunting using MITRE ATT&CK Evals emulations and Mordor datasets

Book Description

Threat hunting (TH) provides cybersecurity analysts and enterprises with the opportunity to proactively defend themselves by getting ahead of threats before they can cause major damage to their business.

This book is not only an introduction for those who don't know much about the cyber threat intelligence (CTI) and TH world, but also a guide for those with more advanced knowledge of other cybersecurity fields who are looking to implement a TH program from scratch.

You will start by exploring what threat intelligence is and how it can be used to detect and prevent cyber threats. As you progress, you'll learn how to collect data, along with understanding it by developing data models. The book will also show you how to set up an environment for TH using open source tools. Later, you will focus on how to plan a hunt with practical examples, before going on to explore the MITRE ATT&CK framework.

By the end of this book, you'll have the skills you need to be able to carry out effective hunts in your own environment.

What you will learn

  • Understand what CTI is, its key concepts, and how it is useful for preventing threats and protecting your organization
  • Explore the different stages of the TH process
  • Model the data collected and understand how to document the findings
  • Simulate threat actor activity in a lab environment
  • Use the information collected to detect breaches and validate the results of your queries
  • Use documentation and strategies to communicate processes to senior management and the wider business

Who this book is for

If you are looking to start out in the cyber intelligence and threat hunting domains and want to know more about how to implement a threat hunting division with open-source tools, then this cyber threat intelligence book is for you.

About the Author

Valentina Palacín is a cyber threat intelligence analyst who specializes in tracking Advanced Persistent Threats (APTs) worldwide, using the MITRE ATT&CK Framework to analyze their tools, tactics, techniques, and procedures (TTPs). She is a self-taught developer and threat hunter with a degree in translation and interpretation from the Universidad de Málaga (UMA) and a cyber security diploma from Argentina's Universidad Tecnológica Nacional (UTN). Valentina is also one of the founders of the BlueSpace community (BlueSpaceSec) and one of the core members of Open Threat Research, founded by Roberto Rodriguez (OTR_Community).

Table of Contents

  1. What is Cyber Threat Intelligence?
  2. What is Threat Hunting?
  3. Where Does the Data Come From?
  4. Mapping the Adversary
  5. Working with Data
  6. Emulating the Adversary
  7. Creating a Research Environment
  8. How to Query the Data
  9. Hunting for the Adversary
  10. Importance of Documenting and Automating the Process
  11. Assessing Data Quality
  12. Understanding the Output
  13. Defining Good Metrics to Track Success
  14. Engaging the Response Team and Communicating the Result to Executives
