Automating Security Detection Engineering

This is the code repository for Automating Security Detection Engineering, published by Packt.

A hands-on guide to implementing Detection as Code

What is this book about?

This book focuses entirely on the automation of detection engineering, with practice labs and technical guidance that optimize and scale detection-focused programs. Using this book as a bootstrap, practitioners can mature their program and free up valuable engineering time.

This book covers the following exciting features:

  • Understand the architecture of Detection as Code implementations
  • Develop custom test functions using Python and Terraform
  • Leverage common tools like GitHub and Python 3.x to create detection-focused CI/CD pipelines
  • Integrate cutting-edge technology and operational patterns to further refine program efficacy
  • Apply monitoring techniques to continuously assess use case health
  • Create, structure, and commit detections to a code repository

If you feel this book is for you, get your copy today!

https://www.packtpub.com/

Instructions and Navigations

All of the code is organized into folders. For example, Chapter02.

The code will look like the following:

if {
    event1 == True,
    {
        event2 == True,
        {
            event3
        }
    }
}

Following is what you need for this book: This book is for security engineers and analysts responsible for the day-to-day tasks of developing and implementing new detections at scale. If you’re working with existing programs focused on threat detection, you’ll also find this book helpful. Prior knowledge of DevSecOps, hands-on experience with any programming or scripting languages, and familiarity with common security practices and tools are recommended for an optimal learning experience.

With the following software and hardware list you can run all code files present in the book (Chapter 1-10).

Software and Hardware List

| Chapter | Software required | OS required |
|---|---|---|
| 1-10 | A computer capable of running an Ubuntu-based VM concurrently, with a recommended 8 CPU cores and 16 GB of memory for the host machine | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Amazon Web Services (AWS) | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Atlassian Jira Cloud | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Cloud Custodian | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Cloudflare WAF | Windows, Mac OS X, and Linux (Any) |
| 1-10 | CodeRabbit AI | Windows, Mac OS X, and Linux (Any) |
| 1-10 | CrowdStrike Falcon EDR | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Datadog Cloud SIEM | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Git CLI | Windows, Mac OS X, and Linux (Any) |
| 1-10 | GitHub | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Google Chronicle | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Google Colab | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Hashicorp Terraform | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Microsoft VS Code | Windows, Mac OS X, and Linux (Any) |
| 1-10 | PFSense Community Edition | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Poe.com AI | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Python 3.9+ | Windows, Mac OS X, and Linux (Any) |
| 1-10 | SOC Prime Uncoder AI | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Splunk Enterprise | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Tines.com Cloud SOAR | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Trend Micro Cloud One | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Ubuntu Desktop LTS 22.04+ | Windows, Mac OS X, and Linux (Any) |
| 1-10 | Wazuh Server and EDR | Windows, Mac OS X, and Linux (Any) |

Related products

Get to Know the Author

Dennis Chow is an experienced security engineer and manager who has led global security teams in multiple Fortune 500 industries. Dennis started from an IT and security analyst background, working his way up to engineering, architecture, and consultancy in blue team and red team focused roles. Dennis is also a former AWS professional services consultant who focused on transforming security operations for clients.