Detect and investigate quite a lot of cyber threats and techniques carried out by malicious actors by analyzing logs generated from different sources
Purchase of the print or Kindle book includes a free PDF eBook
Key Features
- Understand and analyze quite a lot of modern cyber threats and attackers’ techniques
- Gain in-depth knowledge of email security, Windows, firewall, proxy, WAF, and security solution logs
- Explore popular cyber threat intelligence platforms to investigate suspicious artifacts
Book Description
Effective threat investigation requires strong technical expertise, analytical skills, and a deep understanding of cyber threats and attacker techniques. It’s a crucial skill for SOC analysts, enabling them to analyze different threats and identify security incident origins. This book provides insights into the most common cyber threats and quite a lot of attacker techniques that will help you hone your incident investigation skills.
The book begins by explaining phishing and email attack types and how to detect and investigate them, along side Microsoft log types such as Security, System, PowerShell, and their events. Next, You’ll be able to learn to detect and investigate attackers’ techniques and malicious activities within Windows environments. As you make progress, You’ll be able to find out how to analyze the firewalls, flows, and proxy logs, as well as detect and investigate cyber threats The usage of quite a lot of security solution alerts, including EDR, IPS, and IDS. You’ll be able to also explore popular threat intelligence platforms such as VirusTotal, AbuseIPDB, and X-Force for investigating cyber threats and successfully build your own sandbox environment for effective malware analysis.
By the end of this book, You’ll be able to have learned how to analyze popular systems and security appliance logs that exist in any environment and explore quite a lot of attackers’ techniques to detect and investigate them with ease.
What you are going to learn
- Get familiarized with and investigate quite a lot of threat types and attacker techniques
- Analyze email security solution logs and bear in mind email Waft and headers
- Find out how to analyze Microsoft event logs
- Practical investigation of the quite a lot of Windows threats and attacks
- Analyze web proxy logs to investigate C&C communication attributes
- Understand web application firewall (WAF) logs and examine quite a lot of external attacks
- Analyze FW logs and security alerts to investigate cyber threats
- Understand the role of CTI in investigation and identify potential threats
Who this book is for
This book is for Security Operation Center (SOC) analysts, security professionals, cybersecurity incident investigators, incident handlers, incident responders, or anyone looking to explore attacker techniques and delve deeper into detecting and investigating attacks. If you wish to efficiently detect and investigate cyberattacks by analyzing logs generated from different log sources, then this is the book for you. Basic knowledge of cybersecurity and networking domains and entry-level security concepts are necessary to get the most out of this book.
Table of Contents
- Investigating Email Threats
- Email Waft and Header Analysis
- Introduction to Windows Event Logs
- Tracking Accounts Login and Management
- Investigating Suspicious Process Execution The usage of Windows Event Logs
- Investigating PowerShell Event Logs
- Investigating Persistence and Lateral Movement The usage of Windows Event Logs
- Network Firewall Logs Analysis
- Investigating Cyber Threats by The usage of the Firewall Logs
- Web Proxy Logs Analysis
(N.B. Please use the Look Inside option to see further chapters)
Reviews
There are no reviews yet.