You're reading from Threat Hunting with Elastic Stack Solve complex security challenges with integrated prevention, detection, and response

Product type Paperback

Published in Jul 2021

Publisher Packt

ISBN-13 9781801073783

Length 392 pages

Edition 1st Edition

Tools

Kibana

Concepts

Cybersecurity

Author (1):

Andrew Pease

Preface

1. Section 1: Introduction to Threat Hunting, Analytical Models, and Hunting Methodologies

2. Chapter 1: Introduction to Cyber Threat Intelligence, Analytical Models, and Frameworks FREE CHAPTER

3. Chapter 2: Hunting Concepts, Methodologies, and Techniques

4. Section 2: Leveraging the Elastic Stack for Collection and Analysis

5. Chapter 3: Introduction to the Elastic Stack

6. Chapter 4: Building Your Hunting Lab – Part 1

7. Chapter 5: Building Your Hunting Lab – Part 2

8. Chapter 6: Data Collection with Beats and Elastic Agent

9. Chapter 7: Using Kibana to Explore and Visualize Data

10. Chapter 8: The Elastic Security App

11. Section 3: Operationalizing Threat Hunting

12. Chapter 9: Using Kibana to Pivot Through Data to Find Adversaries

13. Chapter 10: Leveraging Hunting to Inform Operations

14. Chapter 11: Enriching Data to Make Intelligence

15. Chapter 12: Sharing Information and Analysis

16. Assessments

17. Other Books You May Enjoy

Technical requirements

In this chapter, you will need to have access to the following:

VirtualBox (or any hypervisor) with at least 12 GB of RAM, six CPU cores, and 70 GB HDD available to VM guests.
A Unix-like operating system (macOS, Linux, and so on) is strongly recommended.
A text editor that will not add formatting (Sublime Text, Notepad++, Atom, vi/vim, Emacs, nano, and so on).
Access to a command-line interface.
The archive program tar.
A modern web browser with a UI.
A package manager is recommended, but not required.
macOS Homebrew – https://brew.sh.
Ubuntu APT – included in Ubuntu-like systems.
RHEL/CentOS/Fedora yum or DNF – included in RHEL-like systems.
Windows Chocolatey – https://chocolatey.org/install.
Important note
We'll be building a sandbox to eventually detonate malware for dynamic analysis. It is essential to remember that while we're taking steps to ensure our host is staying secure, we are...