Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs

Yahia, Mostafa

  • 出版商: Packt Publishing
  • 出版日期: 2023-08-25
  • 售價: $2,040
  • 貴賓價: 9.5$1,938
  • 語言: 英文
  • 頁數: 314
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1837634785
  • ISBN-13: 9781837634781
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

商品描述

Detect and investigate various cyber threats and techniques carried out by malicious actors by analyzing logs generated from different sources

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

  • Understand and analyze various modern cyber threats and attackers' techniques
  • Gain in-depth knowledge of email security, Windows, firewall, proxy, WAF, and security solution logs
  • Explore popular cyber threat intelligence platforms to investigate suspicious artifacts

Book Description

Effective threat investigation requires strong technical expertise, analytical skills, and a deep understanding of cyber threats and attacker techniques. It's a crucial skill for SOC analysts, enabling them to analyze different threats and identify security incident origins. This book provides insights into the most common cyber threats and various attacker techniques to help you hone your incident investigation skills.

The book begins by explaining phishing and email attack types and how to detect and investigate them, along with Microsoft log types such as Security, System, PowerShell, and their events. Next, you'll learn how to detect and investigate attackers' techniques and malicious activities within Windows environments. As you make progress, you'll find out how to analyze the firewalls, flows, and proxy logs, as well as detect and investigate cyber threats using various security solution alerts, including EDR, IPS, and IDS. You'll also explore popular threat intelligence platforms such as VirusTotal, AbuseIPDB, and X-Force for investigating cyber threats and successfully build your own sandbox environment for effective malware analysis.

By the end of this book, you'll have learned how to analyze popular systems and security appliance logs that exist in any environment and explore various attackers' techniques to detect and investigate them with ease.

What you will learn

  • Get familiarized with and investigate various threat types and attacker techniques
  • Analyze email security solution logs and understand email flow and headers
  • Find out how to analyze Microsoft event logs
  • Practical investigation of the various Windows threats and attacks
  • Analyze web proxy logs to investigate C&C communication attributes
  • Understand web application firewall (WAF) logs and examine various external attacks
  • Analyze FW logs and security alerts to investigate cyber threats
  • Understand the role of CTI in investigation and identify potential threats

Who this book is for

This book is for Security Operation Center (SOC) analysts, security professionals, cybersecurity incident investigators, incident handlers, incident responders, or anyone looking to explore attacker techniques and delve deeper into detecting and investigating attacks. If you want to efficiently detect and investigate cyberattacks by analyzing logs generated from different log sources, then this is the book for you. Basic knowledge of cybersecurity and networking domains and entry-level security concepts are necessary to get the most out of this book.

商品描述(中文翻譯)

檢測和調查惡意行為者通過分析來自不同來源的日誌所進行的各種網絡威脅和技術。

購買印刷版或Kindle電子書將包括一本免費的PDF電子書。

主要特點:

- 瞭解和分析各種現代網絡威脅和攻擊者的技術。
- 深入了解電子郵件安全、Windows、防火牆、代理、WAF和安全解決方案的日誌。
- 探索流行的網絡威脅情報平台,以調查可疑的文物。

書籍描述:

有效的威脅調查需要強大的技術專業知識、分析能力和對網絡威脅和攻擊者技術的深入理解。這對於SOC分析師來說是一項至關重要的技能,使他們能夠分析不同的威脅並識別安全事件的起源。本書提供了對最常見的網絡威脅和各種攻擊者技術的深入洞察,以幫助您提升您的事件調查技能。

本書首先解釋了釣魚和電子郵件攻擊類型以及如何檢測和調查它們,以及Microsoft的日誌類型,如安全、系統、PowerShell及其事件。接下來,您將學習如何在Windows環境中檢測和調查攻擊者的技術和惡意活動。隨著您的進展,您將了解如何分析防火牆、流量和代理日誌,以及使用各種安全解決方案警報(包括EDR、IPS和IDS)檢測和調查網絡威脅。您還將探索流行的威脅情報平台,如VirusTotal、AbuseIPDB和X-Force,以調查網絡威脅並成功構建自己的沙箱環境進行有效的恶意軟件分析。

通過閱讀本書,您將學習如何分析任何環境中存在的流行系統和安全設備日誌,並探索各種攻擊者的技術,以便輕鬆檢測和調查它們。

您將學到什麼:

- 熟悉並調查各種威脅類型和攻擊者技術。
- 分析電子郵件安全解決方案日誌,並了解電子郵件流和標頭。
- 了解如何分析Microsoft事件日誌。
- 實際調查各種Windows威脅和攻擊。
- 分析網絡代理日誌以調查C&C通信屬性。
- 理解Web應用防火牆(WAF)日誌,並檢查各種外部攻擊。
- 分析防火牆日誌和安全警報以調查網絡威脅。
- 理解CTI在調查中的作用,並識別潛在威脅。

本書適合以下讀者:

本書適合安全運營中心(SOC)分析師、安全專業人員、網絡安全事件調查員、事件處理人員、事件應對人員或任何希望探索攻擊者技術並深入研究檢測和調查攻擊的人士。如果您想通過分析來自不同日誌來源生成的日誌來高效地檢測和調查網絡攻擊,那麼這本書就是為您而寫的。基本的網絡安全和網絡領域知識以及入門級的安全概念對於充分利用本書至關重要。

目錄大綱

  1. Investigating Email Threats
  2. Email Flow and Header Analysis
  3. Introduction to Windows Event Logs
  4. Tracking Accounts Login and Management
  5. Investigating Suspicious Process Execution Using Windows Event Logs
  6. Investigating PowerShell Event Logs
  7. Investigating Persistence and Lateral Movement Using Windows Event Logs
  8. Network Firewall Logs Analysis
  9. Investigating Cyber Threats by Using the Firewall Logs
  10. Web Proxy Logs Analysis

(N.B. Please use the Look Inside option to see further chapters)

目錄大綱(中文翻譯)

調查電子郵件威脅
電子郵件流程和標頭分析
Windows事件日誌介紹
追踪帳戶登錄和管理
使用Windows事件日誌調查可疑進程執行
調查PowerShell事件日誌
使用Windows事件日誌調查持久性和橫向移動
網絡防火牆日誌分析
使用防火牆日誌調查網絡威脅
Web代理日誌分析

(註:請使用“查看內容”選項查看更多章節)