Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK(TM) Framework and open source tools

Palacín, Valentina

  • Publisher: Packt Publishing
  • Publication date: 2021-02-12
  • List price: $1,700
  • VIP price (95%): $1,615
  • Language: English
  • Pages: 398
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1838556370
  • ISBN-13: 9781838556372
  • Related category: Hacking
  • Related translation: ATT & CK 與威脅獵殺實戰 (Simplified Chinese edition)
  • Ships immediately (stock = 1)

Product Description

Get to grips with cyber threat intelligence and data-driven threat hunting while exploring expert tips and techniques

Key Features

  • Set up an environment to centralize all data in an Elasticsearch, Logstash, and Kibana (ELK) server that enables threat hunting
  • Carry out atomic hunts to start the threat hunting process and understand the environment
  • Perform advanced hunting using MITRE ATT&CK Evals emulations and Mordor datasets

Book Description

Threat hunting (TH) provides cybersecurity analysts and enterprises with the opportunity to proactively defend themselves by getting ahead of threats before they can cause major damage to their business.

This book is not only an introduction for those who don't know much about the cyber threat intelligence (CTI) and TH world, but also a guide for those with more advanced knowledge of other cybersecurity fields who are looking to implement a TH program from scratch.

You will start by exploring what threat intelligence is and how it can be used to detect and prevent cyber threats. As you progress, you'll learn how to collect data, along with understanding it by developing data models. The book will also show you how to set up an environment for TH using open source tools. Later, you will focus on how to plan a hunt with practical examples, before going on to explore the MITRE ATT&CK framework.

By the end of this book, you'll have the skills you need to be able to carry out effective hunts in your own environment.

What you will learn

  • Understand what CTI is, its key concepts, and how it is useful for preventing threats and protecting your organization
  • Explore the different stages of the TH process
  • Model the data collected and understand how to document the findings
  • Simulate threat actor activity in a lab environment
  • Use the information collected to detect breaches and validate the results of your queries
  • Use documentation and strategies to communicate processes to senior management and the wider business

Who this book is for

If you are looking to start out in the cyber intelligence and threat hunting domains and want to know more about how to implement a threat hunting division with open-source tools, then this cyber threat intelligence book is for you.


About the Author

Valentina Palacín is a cyber threat intelligence analyst who specializes in tracking Advanced Persistent Threats (APTs) worldwide, using the MITRE ATT&CK Framework to analyze their tools, tactics, techniques, and procedures (TTPs). She is a self-taught developer and threat hunter with a degree in translation and interpretation from the Universidad de Málaga (UMA) and a cyber security diploma from Argentina's Universidad Tecnológica Nacional (UTN). Valentina is also one of the founders of the BlueSpace community (BlueSpaceSec) and one of the core members of Open Threat Research, founded by Roberto Rodriguez (OTR_Community).

Table of Contents

  1. What is Cyber Threat Intelligence?
  2. What is Threat Hunting?
  3. Where Does the Data Come From?
  4. Mapping the Adversary
  5. Working with Data
  6. Emulating the Adversary
  7. Creating a Research Environment
  8. How to Query the Data
  9. Hunting for the Adversary
  10. Importance of Documenting and Automating the Process
  11. Assessing Data Quality
  12. Understanding the Output
  13. Defining Good Metrics to Track Success
  14. Engaging the Response Team and Communicating the Result to Executives
