Automating Security Detection Engineering A Hands-On Guide to Implementing Detection As Code

Accelerate security detection development with AI-enabled technical solutions using threat-informed defense Key Features Create automated CI/CD pipelines for testing and implementing threat detection use cases Apply implementation strategies to optimize the adoption of automated work streams Use a v...


Bibliographic Details
Main author: Chow, Dennis (-)
Other authors: Bruskin, David
Format: Electronic book
Language: English
Published: Birmingham : Packt Publishing, Limited 2024.
Edition: 1st ed
Subjects:
View at Universitat Ramon Llull Library: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009837629706719
Table of Contents:
  • Cover
  • Title Page
  • Copyright
  • Dedication
  • Foreword
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Automating Detection Inputs and Deployments
  • Chapter 1: Detection as Code Architecture and Lifecycle
  • Understanding detection life cycle concepts
  • Establish requirements
  • Development
  • Testing
  • Implementation
  • Deprecation
  • Conceptualizing detection as code requirements
  • Version control systems
  • API support
  • Use case syntax
  • Testing instrumentation
  • Secrets management
  • Planning automation milestones
  • Summary
  • Further reading
  • Chapter 2: Scoping and Automating Threat-Informed Defense Inputs
  • Technical requirements
  • Scoping threat-based inputs
  • Parsing indicators and payloads
  • Lab 2.1 - Custom STIX2 JSON parser
  • Lab 2.2 - Automatically block domains with intel feed
  • Lab 2.3 - Integrate malicious hashes into Wazuh EDR
  • Lab 2.4 - Deploy custom IOCs to CrowdStrike
  • Leveraging context enrichment
  • Lab 2.5 - Analyze and develop custom detections in Google Chronicle
  • Summary
  • Further reading
  • Chapter 3: Developing Core CI/CD Pipeline Functions
  • Technical requirements
  • Deploying code repositories
  • GitHub usage concepts
  • Branching strategy
  • Lab 3.1 - Create a new repository
  • Setting up CI/CD runners
  • Lab 3.2 - Deploy a custom IOA to CrowdStrike Falcon
  • Lab 3.3 - CI/CD with Terraform Cloud and Cloudflare WAF
  • Lab 3.4 - Policy as Code with Cloud Custodian in AWS
  • Lab 3.5 - Custom RASP rule in Trend Micro Cloud One
  • Lab 3.6 - Custom detection for Datadog Cloud SIEM with GitHub Actions
  • Monitoring pipeline jobs
  • Summary
  • Chapter 4: Leveraging AI for Use Case Development
  • Technical requirements
  • Optimizing generative AI usage
  • Lab 4.1 - Tuning an LLM-based chatbot
  • Experimenting with multiple AI tools
  • Lab 4.2 - Exploring SOC Prime Uncoder AI
  • Automating LLM interactions
  • Lab 4.3 - Generating Splunk SPL content from news
  • Summary
  • Part 2: Automating Validations within CI/CD Pipelines
  • Chapter 5: Implementing Logical Unit Tests
  • Technical requirements
  • Validating syntax and linting
  • Lab 5.1 - CrowdStrike syntax validation
  • Performing metadata and taxonomy checks
  • Lab 5.2 - Google Chronicle payload validation
  • Performing data input checks
  • Lab 5.3 - Palo Alto signature limitation tests
  • Lab 5.4 - Suricata simulation testing
  • Lab 5.5 - Git pre-commit hook protections
  • Summary
  • Further reading
  • Chapter 6: Creating Integration Tests
  • Technical requirements
  • Mapping and Using Synthetic Payloads
  • Lab 6.1 - Splunk SPL Detection Testing
  • Testing In-Line Payloads
  • Lab 6.2 - AWS CloudTrail Detection Tests
  • Executing Live-Fire Asynchronous Tests
  • Lab 6.3 - CrowdStrike Falcon Payload Testing
  • Lab 6.4 - Deploying Caldera BAS
  • Summary
  • Further reading
  • Chapter 7: Leveraging AI for Testing
  • Technical requirements
  • Synthetic testing with LLMs
  • Lab 7.1 - Poe Bot synthetic CI/CD unit testing
  • Evaluating data security and ROI
  • Lab 7.2 - CodeRabbit augmented peer review
  • Implementing multi-LLM model validation
  • Summary
  • Part 3: Monitoring Program Effectiveness
  • Chapter 8: Monitoring Detection Health
  • Technical requirements
  • Identifying telemetry sources
  • Measuring use case performance
  • Upstream detection performance
  • Downstream detection performance
  • Lab 8.1 - Google Chronicle detection insights
  • Extending dashboard use cases
  • Lab 8.2 - Mock SOAR disable excessive firing rule
  • Summary
  • Further reading
  • Chapter 9: Measuring Program Efficiency
  • Technical requirements
  • Creating program KPIs
  • Locating data for metrics
  • Signal to Noise Ratio
  • MITRE ATT&CK coverage
  • Number of active SIEM detections by criticality
  • Creating dashboard visualizations
  • Lab 9.1 - Monitoring team workload in Jira
  • Summary
  • Chapter 10: Operating Patterns by Maturity
  • Technical requirements
  • Implementing L1 - foundations
  • L1 workflow management
  • L1 version control
  • L1 CI/CD pipeline
  • L1 development environment
  • Implementing L2 - intermediate
  • L2 workflow management
  • L2 version control
  • L2 CI/CD pipeline
  • L2 development
  • Implementing L3 - advanced
  • L3 workflow management
  • L3 version control
  • L3 CI/CD pipeline
  • L3 development
  • Lab 10.1 - exploring Google Colab
  • Summary
  • Index
  • About Packt
  • Other Books You May Enjoy