
medtemo/Incident-Response-with-Threat-Intelligence


Incident Response with Threat Intelligence

Early Access

This is the code repository for Incident Response with Threat Intelligence, published by Packt.

Practical insights into developing an incident response capability through intelligence-based threat hunting

What is this book about?

With constantly evolving cyber threats, developing a cybersecurity incident response capability to identify and contain threats is indispensable for any organization regardless of its size. This book covers theoretical concepts and a variety of real-life scenarios that will help you to apply these concepts within your organization.

This book covers the following exciting features:

  • Explore the fundamentals of incident response and incident management
  • Find out how to develop incident response capabilities
  • Understand the development of incident response plans and playbooks
  • Align incident response procedures with business continuity
  • Identify incident response requirements and orchestrate people, processes, and technologies
  • Discover methodologies and tools to integrate cyber threat intelligence and threat hunting into incident response

If you feel this book is for you, get your copy today!

https://www.packtpub.com/

Instructions and Navigations

All of the code is organized into folders. For example, Chapter02.

The code will look like the following:

detection:
  selection1:
    EventID: 1
  selection2:
    Image|contains:
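The fragment above is the `detection` block of a Sigma rule: `selection1` pins the event to Sysmon EventID 1 (process creation) and `selection2` applies the `contains` modifier to the `Image` field; a `condition` line (not shown in the snippet) combines the selections. To make the semantics concrete, the following Python is an added example, not code from the book or its repository. It evaluates a small subset of Sigma (field selections, the `contains`, `startswith`, `endswith` and `all` modifiers, and `and`/`or`/`not` conditions) against Sysmon-style events constructed inline. The `Image|contains` values, the rule title and the sample events are assumptions, since the README snippet cuts the value off.

```python
"""Minimal Sigma detection evaluator (added illustration, not the book's code).

Supports selections as field -> value (or list of values), the field
modifiers 'contains', 'startswith', 'endswith' and 'all', and conditions
built from selection names with 'and', 'or', 'not' and parentheses.
"""
import re

# The rule as a dict (stands in for the YAML file). The 'Image|contains'
# values are an assumption: the README snippet cuts them off.
RULE = {
    "title": "Process started from a user-writable directory",
    "logsource": {"product": "windows", "service": "sysmon"},
    "detection": {
        "selection1": {"EventID": 1},
        "selection2": {"Image|contains": ["\\AppData\\Local\\Temp\\", "\\Users\\Public\\"]},
        "condition": "selection1 and selection2",
    },
}

# Constructed Sysmon events using the EventID 1 (process creation) field names.
EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe"},
    {"EventID": 3, "Image": "C:\\Users\\Public\\beacon.exe", "DestinationPort": 443},
    {"EventID": 1, "Image": "C:\\USERS\\PUBLIC\\BEACON.EXE"},
]


def _match_value(field_value, pattern, modifiers):
    """Compare one event field with one rule value (Sigma strings are case-insensitive)."""
    if field_value is None:
        return False
    if isinstance(pattern, (int, float)) and not modifiers:
        return field_value == pattern
    hay, needle = str(field_value).lower(), str(pattern).lower()
    if "contains" in modifiers:
        return needle in hay
    if "startswith" in modifiers:
        return hay.startswith(needle)
    if "endswith" in modifiers:
        return hay.endswith(needle)
    return hay == needle


def match_selection(selection, event):
    """All fields of a selection must match; a value list is OR-ed unless 'all' is set."""
    for key, pattern in selection.items():
        field, *modifiers = key.split("|")
        values = pattern if isinstance(pattern, list) else [pattern]
        hits = [_match_value(event.get(field), v, modifiers) for v in values]
        if not (all(hits) if "all" in modifiers else any(hits)):
            return False
    return True


_TOKEN = re.compile(r"\(|\)|\band\b|\bor\b|\bnot\b|[A-Za-z0-9_]+")


def eval_condition(condition, detection, event):
    """Recursive-descent evaluation of 'sel1 and not (sel2 or sel3)' style conditions.

    Only selection names from the detection block are accepted as operands,
    so an untrusted condition string cannot do anything but combine matches.
    """
    tokens = _TOKEN.findall(condition)
    pos = 0

    def take():
        nonlocal pos
        tok = tokens[pos] if pos < len(tokens) else None
        pos += 1
        return tok

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def parse_or():
        value = parse_and()
        while peek() == "or":
            take()
            value = parse_and() or value  # evaluate right side before combining
        return value

    def parse_and():
        value = parse_not()
        while peek() == "and":
            take()
            value = parse_not() and value
        return value

    def parse_not():
        if peek() == "not":
            take()
            return not parse_not()
        return parse_atom()

    def parse_atom():
        tok = take()
        if tok == "(":
            value = parse_or()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        if tok in (None, "and", "or", "not", ")", "condition") or tok not in detection:
            raise ValueError(f"unsupported condition token: {tok!r}")
        return match_selection(detection[tok], event)

    result = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return result


def run_rule(rule, events):
    """Return the events on which the rule's detection block fires."""
    det = rule["detection"]
    return [e for e in events if eval_condition(det["condition"], det, e)]


if __name__ == "__main__":
    for hit in run_rule(RULE, EVENTS):
        print(f"[{RULE['title']}] EventID={hit['EventID']} Image={hit['Image']}")
```

In a real pipeline you would not hand-roll the matcher: the sigma-cli / pySigma tooling compiles rules into the query language of the SIEM (for example, an Elasticsearch query for the ELK Stack listed below). The evaluator here only makes the rule semantics visible: the EventID 3 event is rejected by `selection1` even though its `Image` matches, and the upper-cased path still matches because Sigma string comparison is case-insensitive.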

Following is what you need for this book: If you are an information security professional or anyone who wants to learn the principles of incident management, first response, threat hunting, and threat intelligence using a variety of platforms and tools, this book is for you. Although not necessary, basic knowledge of Linux, Windows internals, and network protocols will be helpful.

With the following software and hardware list you can run all code files present in the book (Chapters 1-14).

Software and Hardware List

| Chapter | Software required | OS required |
|---------|-------------------|-------------|
| 1-14 | MAGNET RAM Capture | Windows, Mac OS X, and Linux (Any) |
| 1-14 | FTK Imager | Windows, Mac OS X, and Linux (Any) |
| 1-14 | Velociraptor IR | Windows, Mac OS X, and Linux (Any) |
| 1-14 | KAPE | Windows, Mac OS X, and Linux (Any) |
| 1-14 | MITRE ATT&CK Navigator | Windows, Mac OS X, and Linux (Any) |
| 1-14 | Threat Report ATT&CK Mapper (TRAM) | Windows, Mac OS X, and Linux (Any) |
| 1-14 | Visual Studio Code, ELK Stack | Windows, Mac OS X, and Linux (Any) |
| 1-14 | TheHive and Cortex, Security Onion | Windows, Mac OS X, and Linux (Any) |
| 1-14 | Invoke-AtomicRedTeam | Windows, Mac OS X, and Linux (Any) |
| 1-14 | YARA rules, Sigma rules | Windows, Mac OS X, and Linux (Any) |

Note that the OS column is the same for every row; MAGNET RAM Capture and KAPE are Windows-only tools, so the Windows acquisition exercises need a Windows host (physical or virtual) regardless of the analyst's own platform.

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. Click here to download it.


Get to Know the Author

Roberto Martinez (@r0bertmart1nez) has worked as senior security researcher at Kaspersky's Global Research and Analysis Team (GReAT) and as Watch Commander at HSBC (GCO), investigating cyberthreats, responding to security incidents, and presenting at security events worldwide. He has collaborated as an expert associate professor at Tecnologico de Monterrey (ITESM) and is a member of the High Technology Crime Investigation Association (HTCIA). Roberto has more than 18 years of experience in cybersecurity fields such as offensive security, malware analysis, digital forensics, incident response, threat intelligence, and threat hunting. He also worked as a security consultant and instructor for governments, financial institutions, and private corporations in Latin America.


Languages

  • YARA 78.1%
  • Roff 21.9%