5

Investigating Detection Requirements

In Chapter 4, we discussed the various data sources that may be leveraged for creating and implementing detections. We also provided guidance on understanding what data sources provide the most value to your organization. Lastly, a new data source was added to our Elastic Stack as part of a lab demonstrating the inclusion of additional data sources.

Now that we know how to get data flowing through our detection engineering lab, we can begin discussing the detections themselves. In this chapter, we’ll specifically discuss prioritizing detection requirements, establishing a detection repository, and deploying detection code.

We will cover the following main topics in this chapter:

  • Revisiting the phases ...
