Threat Hunting with Elastic Stack: Solve complex security challenges with integrated prevention, detection, and response

Pease, Andrew

  • Publisher: Packt Publishing
  • Publication date: 2021-07-23
  • List price: $1,980
  • Member price (9.5 discount): $1,881
  • Language: English
  • Pages: 392
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1801073783
  • ISBN-13: 9781801073783
  • Category: Information Security
  • Ships immediately (stock = 1)



Get hands-on with advanced threat analysis techniques by implementing Elastic Stack security features with the help of practical examples

Key Features:

  • Get started with Elastic Security configuration and features
  • Understand how to use Elastic Stack features to provide optimal protection against threats
  • Discover tips, tricks, and best practices to enhance the security of your environment

Book Description:

Elastic Security is an open solution that equips professionals with the tools to prevent, detect, and respond to threats. Threat Hunting with Elastic Stack will show you how to make the best use of Elastic Security to provide optimal protection against cyber threats. With this book, security practitioners working with Kibana will be able to put their knowledge to work and detect malicious adversary activity within their contested network.

You'll take a hands-on approach to learning the implementation and methodologies that will have you up and running in no time. Starting with the foundational parts of the Elastic Stack, you'll explore analytical models and how they support security response and finally leverage Elastic technology to perform defensive cyber operations. You'll then cover threat intelligence analytical models, threat hunting concepts and methodologies, and how to leverage them in cyber operations. Further, you'll apply the knowledge you've gained to build and configure your own Elastic Stack, upload data, and explore that data directly as well as by using the built-in tools in the Kibana app to hunt for nefarious activities.

By the end of this book, you'll be able to build an Elastic Stack for self-training or to monitor your own network and/or assets and use Kibana to monitor and hunt for adversaries within your network.

What You Will Learn:

  • Explore cyber threat intelligence analytical models and hunting methodologies
  • Build and configure Elastic Stack for cyber threat hunting
  • Leverage the Elastic endpoint and Beats for data collection
  • Perform security data analysis using the Kibana Discover, Visualize, and Dashboard apps
  • Execute hunting and response operations using the Kibana Security app
  • Use Elastic Common Schema to ensure data uniformity across organizations

Who this book is for:

Security analysts, cybersecurity enthusiasts, information systems security staff, or anyone who works with the Elastic Stack for security monitoring, incident response, intelligence analysis, or threat hunting will find this book useful. Basic working knowledge of IT security operations and network and endpoint systems is necessary to get started.


Get hands-on with advanced threat analysis techniques by implementing Elastic Stack security features through practical examples.

- Get started with Elastic Security configuration and features
- Understand how to use Elastic Stack features to provide optimal protection against threats
- Discover tips, tricks, and best practices to enhance the security of your environment

Elastic Security is an open solution that gives professionals the tools to prevent, detect, and respond to threats. Threat Hunting with Elastic Stack will show you how to make the best use of Elastic Security to provide optimal protection against cyber threats. With this book, security practitioners working with Kibana will be able to put their knowledge into practice and detect malicious adversary activity within a contested network.

You will take a hands-on approach to learning the implementation and methodologies so that you are up and running in a short time. Starting with the foundational parts of the Elastic Stack, you will explore analytical models and how they support security response, and finally use Elastic technology to perform defensive cyber operations. You will then cover threat intelligence analytical models, threat hunting concepts and methodologies, and how to apply them in cyber operations. In addition, you will apply what you have learned to build and configure your own Elastic Stack, upload data, and use the built-in tools of the Kibana app directly to detect malicious activity.

By the end of this book, you will be able to build an Elastic Stack for self-training or to monitor your own network and/or assets, and use Kibana to monitor and hunt for adversaries within your network.

- Explore cyber threat intelligence analytical models and hunting methodologies
- Build and configure Elastic Stack for cyber threat hunting
- Use the Elastic endpoint and Beats for data collection
- Perform security data analysis using the Kibana Discover, Visualize, and Dashboard apps
- Execute hunting and response operations using the Kibana Security app
- Use Elastic Common Schema to ensure data consistency across organizations

Security analysts, cybersecurity enthusiasts, information systems security staff, or anyone who uses the Elastic Stack for security monitoring, incident response, intelligence analysis, or threat hunting will find this book useful. Basic working knowledge of IT security operations and of network and endpoint systems is required to get started.