My Account Log in

1 option

Automating Security Detection Engineering : A Hands-On Guide to Implementing Detection As Code.

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Chow, Dennis.
Contributor:
Bruskin, David.
Language:
English
Subjects (All):
Computer security.
Application software.
Data protection.
Internet--Security measures.
Internet.
Physical Description:
1 online resource (253 pages)
Edition:
1st ed.
Place of Publication:
Birmingham : Packt Publishing, Limited, 2024.
Biography/History:
Chow Dennis: Dennis Chow is an experienced security engineer and manager who has led global security teams in Fortune 500 industries with over 14 years of experience. Dennis started from an IT and security analyst background, working upwards to engineering, architecture, and consultancy in blue- and red-team-focused roles. In 2015, the US Department of Health and Human Services awarded Dennis a grant to standardize cyber threat intelligence sharing for the entire US healthcare vertical. In that time, Dennis achieved over 30 certifications and became GIAC Security Expert #288. During his time at Amazon Web Services (AWS), Dennis worked as a professional services consultant, focusing on security transformation for detection-focused automation.
Summary:
Accelerate security detection development with AI-enabled technical solutions using threat-informed defense Key Features Create automated CI/CD pipelines for testing and implementing threat detection use cases Apply implementation strategies to optimize the adoption of automated work streams Use a variety of enterprise-grade tools and APIs to bolster your detection program Purchase of the print or Kindle book includes a free PDF eBook Book Description Today's global enterprise security programs grapple with constantly evolving threats. Even though the industry has released abundant security tools, most of which are equipped with APIs for integrations, they lack a rapid detection development work stream. This book arms you with the skills you need to automate the development, testing, and monitoring of detection-based use cases. You'll start with the technical architecture, exploring where automation is conducive throughout the detection use case lifecycle. With the help of hands-on labs, you'll learn how to utilize threat-informed defense artifacts and then progress to creating advanced AI-powered CI/CD pipelines to bolster your Detection as Code practices. Along the way, you'll develop custom code for EDRs, WAFs, SIEMs, CSPMs, RASPs, and NIDS. The book will also guide you in developing KPIs for program monitoring and cover collaboration mechanisms to operate the team with DevSecOps principles. Finally, you'll be able to customize a Detection as Code program that fits your organization's needs. By the end of the book, you'll have gained the expertise to automate nearly the entire use case development lifecycle for any enterprise. What you will learn Understand the architecture of Detection as Code implementations Develop custom test functions using Python and Terraform Leverage common tools like GitHub and Python 3.x to create detection-focused CI/CD pipelines Integrate cutting-edge technology and operational patterns to further refine program efficacy Apply monitoring techniques to continuously assess use case health Create, structure, and commit detections to a code repository Who this book is for This book is for security engineers and analysts responsible for the day-to-day tasks of developing and implementing new detections at scale. If you're working with existing programs focused on threat detection, you'll also find this book helpful. Prior knowledge of DevSecOps, hands-on experience with any programming or scripting languages, and familiarity with common security practices and tools are recommended for an optimal learning experience.
Contents:
Cover
Title Page
Copyright
Dedication
Foreword
Contributors
Table of Contents
Preface
Part 1: Automating Detection Inputs and Deployments
Chapter 1: Detection as Code Architecture and Lifecycle
Understanding detection life cycle concepts
Establish requirements
Development
Testing
Implementation
Deprecation
Conceptualizing detection as code requirements
Version control systems
API support
Use case syntax
Testing instrumentation
Secrets management
Planning automation milestones
Summary
Further reading
Chapter 2: Scoping and Automating Threat-Informed Defense Inputs
Technical requirements
Scoping threat-based inputs
Parsing indicators and payloads
Lab 2.1 - Custom STIX2 JSON parser
Lab 2.2 - Automatically block domains with intel feed
Lab 2.3 - Integrate malicious hashes into Wazuh EDR
Lab 2.4 - Deploy custom IOCs to CrowdStrike
Leveraging context enrichment
Lab 2.5 - Analyze and develop custom detections in Google Chronicle
Chapter 3: Developing Core CI/CD Pipeline Functions
Deploying code repositories
GitHub usage concepts
Branching strategy
Lab 3.1 - Create a new repository
Setting up CI/CD runners
Lab 3.2 - Deploy a custom IOA to CrowdStrike Falcon
Lab 3.3 - CI/CD with Terraform Cloud and Cloudflare WAF
Lab 3.4 - Policy as Code with Cloud Custodian in AWS
Lab 3.5 - Custom RASP rule in Trend Micro Cloud One
Lab 3.6 - Custom detection for Datadog Cloud SIEM with GitHub Actions
Monitoring pipeline jobs
Chapter 4: Leveraging AI for Use Case Development
Optimizing generative AI usage
Lab 4.1 - Tuning an LLM-based chatbot
Experimenting with multiple AI tools
Lab 4.2 - Exploring SOC Prime Uncoder AI.
Automating LLM interactions
Lab 4.3 - Generating Splunk SPL content from news
Part 2: Automating Validations within CI/CD Pipelines
Chapter 5: Implementing Logical Unit Tests
Validating syntax and linting
Lab 5.1 - CrowdStrike syntax validation
Performing metadata and taxonomy checks
Lab 5.2 - Google Chronicle payload validation
Performing data input checks
Lab 5.3 - Palo Alto signature limitation tests
Lab 5.4 - Suricata simulation testing
Lab 5.5 - Git pre-commit hook protections
Chapter 6: Creating Integration Tests
Mapping and Using Synthetic Payloads
Lab 6.1 - Splunk SPL Detection Testing
Testing In-Line Payloads
Lab 6.2 - AWS CloudTrail Detection Tests
Executing Live-Fire Asynchronous Tests
Lab 6.3 - CrowdStrike Falcon Payload Testing
Lab 6.4 - Deploying Caldera BAS
Chapter 7: Leveraging AI for Testing
Synthetic testing with LLMs
Lab 7.1 - Poe Bot synthetic CI/CD unit testing
Evaluating data security and ROI
Lab 7.2 - CodeRabbit augmented peer review
Implementing multi-LLM model validation
Part 3: Monitoring Program Effectiveness
Chapter 8: Monitoring Detection Health
Identifying telemetry sources
Measuring use case performance
Upstream detection performance
Downstream detection performance
Lab 8.1 - Google Chronicle detection insights
Extending dashboard use cases
Lab 8.2 - Mock SOAR disable excessive firing rule
Chapter 9: Measuring Program Efficiency
Creating program KPIs
Locating data for metrics
Signal to Noise Ratio
MITRE ATT&amp
CK coverage.
Number of active SIEM detections by criticality
Creating dashboard visualizations
Lab 9.1 - Monitoring team workload in Jira
Chapter 10: Operating Patterns by Maturity
Implementing L1 - foundations
L1 workflow management
L1 version control
L1 CI/CD pipeline
L1 development environment
Implementing L2 - intermediate
L2 workflow management
L2 version control
L2 CI/CD pipeline
L2 development
Implementing L3 - advanced
L3 workflow management
L3 version control
L3 CI/CD pipeline
L3 development
Lab 10.1 - exploring Google Colab
Index
About Packt
Other Books You May Enjoy.
Notes:
Description based upon print version of record.
Evaluating data security and ROI
Description based on publisher supplied metadata and other sources.
ISBN:
9781837631421
1837631425
OCLC:
1436832136

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account