Chapter 7: Blue Team – Detect

In the previous chapter, we explained how to implement an efficient log collection architecture for various types of data sources. These techniques allow us to go forward to the next phase: Detect.

We often see organizations integrating all the logs and data sources of their company; unfortunately, this is often a recommendation provided by Security Information and Event Management (SIEM) vendors and/or Managed Security Service Providers (MSSPs), especially where volume and licensing costs are concerned. In fact, quality should take precedence over quantity. In this chapter, we will present the different data sources that, from our point of view, are mandatory for any blue team to implement. We will go one step further by explaining ...

Get Purple Team Strategies now with the O’Reilly learning platform.
