دانلود کتاب Aligning Security Operations with the MITRE ATT&CK Framework: Level up your security operations center for better security

فهرست مطالب :

Cover\nTitle Page\nCopyright and Credits\nDedication\nContributors\nTable of Contents\nPreface\nPart 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance\nChapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools\n Technical requirements\n SOC environments and roles\n SOC environment responsibilities\n SOC coverage\n SOC cross-team collaboration\n Summary\nChapter 2: Analyzing Your Environment for Potential Pitfalls\n Technical requirements\n Danger! Risks ahead – how to establish a risk registry\n Red and blue make purple – how to run purple team exercises\n Discussing common coverage gaps and security shortfalls\n Summary\nChapter 3: Reviewing Different Threat Models\n Technical requirements\n Reviewing the PASTA threat model and use cases\n Reviewing the STRIDE threat model and use cases\n Reviewing the VAST threat model and use cases\n Reviewing the Trike threat model and use cases\n Reviewing attack trees\n Summary\nChapter 4: What Is the ATT&CK Framework?\n A brief history and evolution of ATT&CK\n Overview of the various ATT&CK models\n Summary\nPart 2 – Detection Improvements and Alignment with ATT&CK\nChapter 5: A Deep Dive into the ATT&CK Framework\n Technical requirements\n A deep dive into the techniques in the cloud framework\n A deep dive into the techniques in the Windows framework\n A deep dive into the techniques in the macOS framework\n A deep dive into the techniques in the network framework\n A deep dive into the techniques in the mobile framework\n Summary\nChapter 6: Strategies to Map to ATT&CK\n Technical requirements\n Finding the gaps in your coverage\n Prioritization of efforts to increase efficiency\n Examples of mappings in real environments\n Summary\nChapter 7: Common Mistakes with Implementation\n Technical requirements\n Examples of incorrect technique mappings from ATT&CK\n Examples of poor executions with detection creation\n Summary\nChapter 8: Return on Investment Detections\n Technical requirements\n Reviewing examples of poorly created detections and their consequences\n Finding the winners or the best alerts\n Measuring the success of a detection\n Requirement-setting\n Use cases as coverage\n What metrics should be used\n Summary\nPart 3 – Continuous Improvement and Innovation\nChapter 9: What Happens After an Alert is Triggered?\n Technical requirements\n What’s next? Example playbooks and how to create them\n Flowcharts\n Runbooks via security orchestration, automation, and response (SOAR) tools\n Templates for playbooks and best practices\n Summary\nChapter 10: Validating Any Mappings and Detections\n Technical requirements\n Discussing the importance of reviews\n Saving time and automating reviews with examples\n Turning alert triage feedback into something actionable\n Summary\nChapter 11: Implementing ATT&CK in All Parts of Your SOC\n Technical requirements\n Examining a risk register at the corporate level\n Applying ATT&CK to NOC environments\n Mapping ATT&CK to compliance frameworks\n Using ATT&CK to create organizational policies and standards\n Summary\nChapter 12: What’s Next? Areas for Innovation in Your SOC\n Technical requirements\n Automation is the way\n Scaling to the future\n Helping hands – thoughts from industry professionals\n Summary\nIndex\nAbout Packt\nOther Books You May Enjoy