Chapter 13: Creating and Deploying Detection Rules

In many security incidents, response times were long because threats were not detected early enough and adequately due to multiple factors. These include the improvement of the threat actor's ability to evade detection or the lack of detection of the monitoring tools because they did not have the configuration or information about that specific threat.

That is why it is so important to have a proactive approach in incident response, where it is assumed that, at some point, there will be security compromises that could not be detected by the Security Operation Center (SOC).

One way to do this is through rules to hunt threats in a more specific way to have a clear idea about what and where you ...

Get Incident Response with Threat Intelligence now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Incident Response with Threat Intelligence by Roberto Martínez

Chapter 13: Creating and Deploying Detection Rules

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly