Learn to build, test, and optimize high-fidelity security detections with hands-on labs, real-world scenarios, and industry frameworks like MITRE ATT&CK to master detection engineering and boost your career.
Key Features
- Master the core principles of detection engineering, from development to validation
- Follow practical tutorials and real-world examples to build and test detections effectively
- Boost your career using cutting-edge, open-source tools and community-driven content
Book Description
Threat validation is the backbone of every strong security detection strategy—it ensures your detection pipeline is effective, reliable, and resilient against real-world threats.
This comprehensive guide is designed for those new to detection validation, offering clear, actionable frameworks to help you assess, test, and refine your security detections with confidence. Covering the entire detection lifecycle, from development to validation, this book provides real-world examples, hands-on tutorials, and practical projects to solidify your skills.
Beyond just technical know-how, this book empowers you to build a career in detection engineering, equipping you with the essential expertise to thrive in today’s cybersecurity landscape.
By the end of this book, you'll have the tools and knowledge to fortify your organization’s defenses, enhance detection accuracy, and stay ahead of cyber threats.
What you will learn
- Boost your career as a detection engineer
- Use industry tools to test and refine your security detections
- Create effective detections to catch sophisticated threats.
- Build a detection engineering test lab
- Make the most of the detection engineering life cycle
- Harness threat intelligence for detection with open-source intelligence and assessments
- Understand the principles and concepts that form the foundation of detection engineering
- Identify critical data sources and overcome integration challenges
Who this book is for
This book is for SOC analysts, threat hunters, security engineers, and cybersecurity professionals looking to master detection engineering. Ideal for those seeking to build, test, and optimize high-fidelity security detections.
Table of Contents
- Fundamentals of Detection Engineering
- The Detection Engineering Life Cycle
- Building a Detection Engineering Test Lab
- Detection Data Sources
- Investigating Detection Requirements
- Developing Detections Using Indicators of Compromise
- Developing Detections Using Behavioral Indicators
- Documentation and Detection Pipelines
- Detection Validation
- Leveraging Threat Intelligence
- Performance Management
- Career Guidance for Detection Engineers
Megan Roddie is an experienced information security professional with a diverse background ranging from incident response to threat intelligence to her current role as a detection engineer. Additionally, Megan is a course author and instructor with the SANS Institute where she regularly publishes research on cloud incident response and forensics. Outside of the cyber security industry, Megan trains and competes as a high-level amateur Muay Thai fighter in Austin, TX.
Jason Deyalsingh is an experienced consultant with over nine years of experience in the cyber security space. He has spent the last 5 years focused on digital forensics and incident response (DFIR). His current hobbies include playing with data and failing to learn Rust.
Gary J. Katz is still trying to figure out what to do with his life while contemplating what its purpose really is. While not spiraling into this metaphysical black hole compounded by the plagues and insanity of this world, he sometimes thinks about cyber security problems and writes them down. These ruminations are, on occasion, captured in articles and books.
