Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Threat Detection Engineering

You're reading from   Practical Threat Detection Engineering A hands-on guide to planning, developing, and validating detection capabilities

Arrow left icon
Product type Paperback
Published in Jul 2023
Publisher Packt
ISBN-13 9781801076715
Length 328 pages
Edition 1st Edition
Arrow right icon
Authors (3):
Arrow left icon
Megan Roddie Megan Roddie
Author Profile Icon Megan Roddie
Megan Roddie
Jason Deyalsingh Jason Deyalsingh
Author Profile Icon Jason Deyalsingh
Jason Deyalsingh
Gary J. Katz Gary J. Katz
Author Profile Icon Gary J. Katz
Gary J. Katz
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Part 1: Introduction to Detection Engineering
2. Chapter 1: Fundamentals of Detection Engineering FREE CHAPTER 3. Chapter 2: The Detection Engineering Life Cycle 4. Chapter 3: Building a Detection Engineering Test Lab 5. Part 2: Detection Creation
6. Chapter 4: Detection Data Sources 7. Chapter 5: Investigating Detection Requirements 8. Chapter 6: Developing Detections Using Indicators of Compromise 9. Chapter 7: Developing Detections Using Behavioral Indicators 10. Chapter 8: Documentation and Detection Pipelines 11. Part 3: Detection Validation
12. Chapter 9: Detection Validation 13. Chapter 10: Leveraging Threat Intelligence 14. Part 4: Metrics and Management
15. Chapter 11: Performance Management 16. Part 5: Detection Engineering as a Career
17. Chapter 12: Career Guidance for Detection Engineers 18. Index 19. Other Books You May Enjoy

Developing Detections Using Indicators of Compromise

In this chapter, we will apply the detection engineering life cycle to investigate and develop detections in our lab. In Chapter 2, we identified four sub-steps to the Investigate phase and three sub-steps to the Develop phase, which we will follow in our exercises in this chapter.

Investigate:

  1. Research context
  2. Data source identification
  3. Detection indicator types
  4. Establish validation criteria

Develop:

  1. Design
  2. Develop
  3. Unit test

At the beginning of the book, we introduced the Pyramid of Pain, which can be used to evaluate how easily the adversary can evade our detections. In addition to signifying the difficulty for the adversary to evade detection, the pyramid levels also (mostly) align with how easily a detection can be created. For this reason, we will start with implementing simpler static indicator detections that align to lower levels of the pyramid, and in the next chapter...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image