{"title":"Blue Team Handbook","description":null,"products":[{"product_id":"blue-team-handbook-book-don-murdoch-9781091493896","title":"Blue Team Handbook","description":"Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases is having an amazing impact on Security Operations worldwide. BTHb: SOCTH is the go-to guiding book for new staff at a top 10 MSSP, integrated into university curricula, and cited in top ten courses from a major information security training company. This listing is for V1.02. BTHb: SOCTH provides the security practitioner with numerous field notes on building a security operations team, managing SIEM, and mining data sources to get the maximum amount of information out of them with a threat hunting approach. The author shares his fifteen years of experience with SIEMs and security operations in a no-frills, just-information format. Don Murdoch has implemented five major platforms, integrated over one hundred data sources into various platforms, and ran an MSSP practice for two years. This book covers the topics below using a zero-fluff approach, as if you hired him as a security consultant and were sitting across the table from him (or her). The book begins with a discussion for professionals to help them build a successful business case and a project plan, decide on SOC tier models, anticipate and answer the tough questions you need to consider when proposing a SOC, and weigh the considerations in building a logging infrastructure. The book goes through numerous data sources that feed a SOC and SIEM and provides specific real-world guidance on how to use those data sources to best possible effect. Most of the examples presented were implemented in one organization or another. These use cases explain what to monitor, how to use a SIEM, and how to use the data coming into the platform, questions that Don found are often answered poorly by many vendors. 
Several business concepts are also introduced, because they are often overlooked by IT: value chain, PESTL, and SWOT. Major sections include: An inventory of Security Operations Center (SOC) services. Metrics, with a focus on objective measurements for the SOC, for analysts, and for SIEMs. SOC staff onboarding, training topics, and desirable skills. Along these lines, there is a chapter on a day in the life of a SOC analyst. Maturity analysis for the SOC and the log management program. Applying a Threat Hunt mindset to the SOC. A full use case template that was used within two major Fortune 500 companies, and is in active use by one major SIEM vendor, along with a complete example of how to build a SOC- and SIEM-focused use case. You can see the corresponding discussion of this chapter on YouTube; just search for the 2017 Security Onion conference presentation. Critical topics in deploying SIEM, based on experience deploying five different technical platforms for nineteen different organizations in education, nonprofit, and commercial enterprises from 160 to 30,000 personnel. Understanding why SIEM deployments fail, with actionable compensators. Real-life experiences getting data into SIEM platforms and the considerations for the many different ways to provide data. 
Issues relating to time, time management, and time zones.","brand":"WoB","offers":[{"title":"GB \/ VERY_GOOD \/ INTERNAL","offer_id":49540538827025,"sku":"GOR012937468","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"GB \/ GOOD \/ INTERNAL","offer_id":50214343377169,"sku":"GOR013890286","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ GOOD \/ SBYB","offer_id":51684425466129,"sku":"CIN1091493898G","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"GB \/ LIKE_NEW \/ INTERNAL","offer_id":52110499184913,"sku":"GOR014477854","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ NEW \/ INGRAM","offer_id":53075115770129,"sku":"NIN9781091493896","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"GB \/ WELL_READ \/ INTERNAL","offer_id":53251244556561,"sku":"GOR014831536","price":0.0,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0784\/4072\/6801\/files\/1091493898.jpg?v=1751143098"},{"product_id":"blue-team-handbook-book-don-murdoch-gse-9781500734756","title":"Blue Team Handbook","description":"\u003cfont color=\"red\"\u003eBTHb:INRE - Version 2.2 now available.\u003c\/font\u003eVoted #3 of the 100 Best Cyber Security Books of All Time by Vinod Khosla, Tim O'Reilly and Marcus Spoons Stevens on BookAuthority.com as of 06\/09\/2018! The Blue Team Handbook is a \"zero fluff\" reference guide for cyber security incident responders, security engineers, and InfoSec pros alike. The BTHb includes essential information in a condensed handbook format. Main topics include the incident response process, how attackers work, common tools for incident response, a methodology for network analysis, common indicators of compromise, Windows and Linux analysis processes, tcpdump usage examples, Snort IDS usage, packet headers, and numerous other quick reference topics. 
The book is designed specifically to share \"real life experience\", so it is peppered with practical techniques from the authors' extensive career in handling incidents. Whether you are writing up your case notes, analyzing potentially suspicious traffic, or called in to look over a misbehaving server - this book should help you handle the case and teach you some new techniques along the way.\u003cbr\u003e \u003cbr\u003e \u003cbr\u003e \u003cfont color=\"darkblue\"\u003eVersion 2.2 updates:\u003cbr\u003e - *** A new chapter on Indicators of Compromise added.\u003cbr\u003e - Table format slightly revised throughout book to improve readability.\u003cbr\u003e - Dozens of paragraphs updated and expanded for readability and completeness.\u003cbr\u003e - 15 pages of new content since version 2.0.\u003c\/font\u003e","brand":"WoB","offers":[{"title":"GB \/ VERY_GOOD \/ INTERNAL","offer_id":49550321877265,"sku":"GOR007544064","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ GOOD \/ SBYB","offer_id":49769269461265,"sku":"CIN1500734756G","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ VERY_GOOD \/ SBYB","offer_id":50283361763601,"sku":"CIN1500734756VG","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ NEW \/ INGRAM","offer_id":51031106978065,"sku":"NIN9781500734756","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"GB \/ GOOD \/ INTERNAL","offer_id":51403602133265,"sku":"GOR010017326","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"GB \/ WELL_READ \/ INTERNAL","offer_id":53597608575249,"sku":"GOR009958014","price":0.0,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0784\/4072\/6801\/files\/1500734756.jpg?v=1750989507"},{"product_id":"blue-team-handbook-book-don-murdoch-9781726273985","title":"Blue Team Handbook","description":"NOTE: As of 4\/6\/18, BTHb: SOCTH is revised to 1.02. 
This entry is for the first version. Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases provides the security practitioner with numerous field notes on building a security operations team and mining data sources to get the maximum amount of information out of them with a threat hunting approach. The author shares his fifteen years of experience with SIEMs and security operations after implementing five major platforms, integrating over one hundred data sources into various platforms, and running an MSSP practice. This book covers the topics below using a zero-fluff approach, as if you hired him as a security consultant and were sitting across the table from him (or her). Topics covered include: - The book begins with a discussion for professionals to help them build a successful business case and a project plan, and decide on SOC tier models. There is also a list of tough questions you need to consider when proposing a SOC, as well as a discussion of layered operating models. - It then goes through numerous data sources that feed a SOC and SIEM and provides specific guidance on how to use those data sources. Most of the examples presented were implemented in one organization or another. These use cases explain how to use a SIEM and how to use the data coming into the platform, a question that is poorly answered by many vendors. - An inventory of Security Operations Center (SOC) services. - Several business concepts are also introduced, because they are often overlooked by IT: value chain, PESTL, and SWOT. - Metrics, with a focus on objective measurements. - SOC staff onboarding, training topics, and desirable skills. Along these lines, there is a chapter on a day in the life of a SOC analyst. - Maturity analysis for the SOC and the log management program. - Applying a Threat Hunt mindset to the SOC. 
- A full use case template that was used within two major Fortune 500 companies, and is in active use by one major SIEM vendor, along with a complete example of how to build a SOC- and SIEM-focused use case. You can see the corresponding discussion on YouTube - search for the 2017 Security Onion conference. - Critical topics in deploying SIEM, based on experience deploying five different technical platforms for nineteen different organizations in education, nonprofit, and commercial enterprises from 160 to 30,000 personnel. - Understanding why SIEM deployments fail, with actionable compensators. - Real-life experiences getting data into SIEM platforms and the considerations for the many different ways to provide data. - Issues relating to time, time management, and time zones. - Critical factors in log management, network security monitoring, continuous monitoring, and security architecture related directly to SOC and SIEM. - A table of useful TCP and UDP port numbers. This is the second book in the Blue Team Handbook Series. Volume One, focused on incident response, has over 32,000 copies in print and has a 4.6\/5.0 review rating. Version 1.0.1 - Updated Dec 12, 2018: Minor spelling and grammar updates.","brand":"WoB","offers":[{"title":"- \/ - \/ -","offer_id":51524382621969,"sku":"","price":0.0,"currency_code":"GBP","in_stock":true},{"title":"US \/ GOOD \/ SBYB","offer_id":51524382851345,"sku":"CIN1726273989G","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ VERY_GOOD \/ SBYB","offer_id":53054306353425,"sku":"CIN1726273989VG","price":0.0,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0784\/4072\/6801\/files\/1726273989.jpg?v=1751410123"}],"url":"https:\/\/www.worldofbooks.com\/en-gb\/collections\/blue-team-handbook-book-series.oembed","provider":"World of Books ","version":"1.0","type":"link"}