Overview

Stop chasing alerts-start hunting adversaries. Cyber Threat Hunting: Tools and Techniques for Modern SOC Teams is a hands-on field guide for blue teamers who want to move beyond reactive triage. You'll learn a repeatable, hypothesis-driven approach to uncover stealthy attackers across endpoint, identity, network, and cloud-then turn those discoveries into durable detections. What you'll learn Hunt methodology: baselining, forming hypotheses, scoping data sources, and measuring outcomes (MTTD/MTTR, coverage). Telemetry that matters: Sysmon/Windows Event IDs, Linux auditd, macOS logs, EDR and identity signals, Zeek/Suricata, DNS/HTTP, CloudTrail/AD/Azure AD/Okta. Query & detect: craft high-signal hunts with KQL (Microsoft), SPL (Splunk), and Elastic queries; pivoting, stacking, and outlier analysis. Technique coverage: map hunts to MITRE ATT&CK (lateral movement, credential access, persistence, C2), plus living-off-the-land behaviors. Detection engineering: Sigma → SIEM, YARA for triage, detection-as-code, versioning, testing, and continuous improvement. Forensics & triage: process trees, memory snapshots (Volatility), artifact triage, and enrichment/automation playbooks. Cloud & SaaS hunts: IaaS control planes, workload metadata, serverless traces, and identity-centric anomalies. Operationalizing hunts: purple teaming, runbooks, metrics, dashboards, and building a hunt program that scales. Packed with ready-to-run examples, checklists, and playbooks, this book helps SOC analysts, incident responders, and detection engineers find what your SIEM misses-and keep it from coming back. Grab the eBook, paperback, or hardcover today and start hunting with confidence.

Full Product Details

9798266067028

Table of Contents

Reviews

Author Information

Tab Content 6

Countries Available