Security Orchestration, Automation, and Response for Security Analysts: Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization
Kovacevic, Benjamin
- Publisher: Packt Publishing
- Publication date: 2023-07-21
- Price: $1,940
- VIP price: 5% off, $1,843
- Language: English
- Pages: 338
- Binding: Quality Paper - also called trade paper
- ISBN: 1803242914
- ISBN-13: 9781803242910
Related categories:
Information Security
Overseas-ordered book (must be checked out separately)
Product description
Become a security automation expert and build solutions that save time while making your organization more secure
Key Features:
What's inside
- An exploration of the SOAR platform's full features to streamline your security operations
- Lots of automation techniques to improve your investigative ability
- Actionable advice on how to leverage the capabilities of SOAR technologies such as incident management and automation to improve security posture
Book Description:
What your journey will look like
With the help of this expert-led book, you'll become well versed with SOAR, acquire new skills, and make your organization's security posture more robust.
You'll start with a refresher on the importance of understanding cyber security, diving into why traditional tools are no longer helpful and how SOAR can help.
Next, you'll learn how SOAR works and what its benefits are, including optimized threat intelligence, incident response, and utilizing threat hunting in investigations.
You'll also get to grips with advanced automated scenarios and explore useful tools such as Microsoft Sentinel, Splunk SOAR, and Google Chronicle SOAR.
The final portion of this book will guide you through best practices and case studies that you can implement in real-world scenarios.
By the end of this book, you will be able to successfully automate security tasks, overcome challenges, and stay ahead of threats.
What You Will Learn:
Some of the things you'll learn in this book
- How to reap the general benefits of using the SOAR platform
- Transforming manual investigations into automated scenarios
- How to manage known false positives and low-severity incidents for faster resolution
- Tips and tricks for using various Microsoft Sentinel playbook actions
- All you need to know about tools such as Google Chronicle SOAR, Microsoft Sentinel, and Splunk SOAR
Who this book is for:
You'll get the most out of this book if:
- You're a junior SOC engineer, junior SOC analyst, a DevSecOps professional, or anyone working in the security ecosystem who wants to upskill toward automating security tasks
- You often feel overwhelmed with security events and incidents
- You have general knowledge of SIEM and SOAR, which is a prerequisite
- You're a beginner, in which case this book will give you a head start
- You've been working in the field for a while, in which case you'll add new tools to your arsenal