Chapter 3: Building a Detection Engineering Test Lab
In Chapter 2, we introduced the detection engineering (DE) life cycle and provided a high-level overview of each of its phases. In this chapter, we will walk through the process of building a DE lab so that we can practice the concepts that will be introduced throughout the rest of this book.
Before we get started, we need to cover the technical components of a typical detection environment. As mentioned in Chapter 1, DE exists to help the cyber security function protect assets. To protect assets at scale, these assets first need to forward event telemetry to a central log store. In more complex configurations, multiple data stores are involved and separate processes are used to compute relevant statistics ...
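The pipeline this paragraph describes, as an added example that is not code from the book: hosts forward event telemetry as JSON lines, a central store ingests and validates them, and a separate process computes a statistic over the stored events. Everything here is an assumption for illustration: the field names (`ts`, `host`, `event`, `user`, `outcome`), the sample events, and the failed-logon burst statistic; a real lab would replace the in-memory store with a log platform.

```python
"""Minimal central log store for a detection lab (constructed example, not the book's code)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: one JSON line per event, as a host agent might
# forward it. Field names are assumptions; timestamps are UTC.
SAMPLE_LINES = [
    '{"ts": "2024-01-10T09:00:00Z", "host": "ws01", "event": "logon", "user": "alice", "outcome": "failure"}',
    '{"ts": "2024-01-10T09:00:10Z", "host": "ws01", "event": "logon", "user": "alice", "outcome": "failure"}',
    '{"ts": "2024-01-10T09:00:20Z", "host": "ws01", "event": "logon", "user": "alice", "outcome": "failure"}',
    '{"ts": "2024-01-10T09:00:40Z", "host": "ws01", "event": "logon", "user": "alice", "outcome": "success"}',
    '{"ts": "2024-01-10T09:01:00Z", "host": "ws02", "event": "logon", "user": "bob", "outcome": "success"}',
    '{"ts": "2024-01-10T09:30:00Z", "host": "ws02", "event": "process", "image": "cmd.exe"}',
    'not json at all',  # a malformed line, to show the store drops rather than crashes
]

REQUIRED = ("ts", "host", "event")


def parse_event(line):
    """Parse one forwarded JSON line. Returns a dict with a datetime `ts`, or None if unusable."""
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(ev, dict) or not all(k in ev for k in REQUIRED):
        return None
    try:
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    except (ValueError, AttributeError):
        return None
    return ev


class CentralLogStore:
    """In-memory stand-in for the central log store that assets forward telemetry to."""

    def __init__(self):
        self.events = []
        self.dropped = 0  # malformed lines are counted, not silently lost

    def ingest(self, lines):
        """Ingest forwarded lines; returns the number of events now stored."""
        for line in lines:
            ev = parse_event(line)
            if ev is None:
                self.dropped += 1
            else:
                self.events.append(ev)
        self.events.sort(key=lambda e: e["ts"])
        return len(self.events)

    def query(self, **filters):
        """Return events whose fields equal every filter value, e.g. query(host="ws02")."""
        return [e for e in self.events if all(e.get(k) == v for k, v in filters.items())]


def failed_logon_bursts(store, threshold=3, window=timedelta(minutes=1)):
    """A statistic a separate process might compute over the store: (host, user)
    pairs with at least `threshold` failed logons inside any `window`.
    Returns {(host, user): max_failures_in_window}."""
    by_key = defaultdict(list)
    for e in store.query(event="logon", outcome="failure"):
        by_key[(e["host"], e.get("user"))].append(e["ts"])
    hits = {}
    for key, times in by_key.items():
        times.sort()
        for i in range(len(times)):
            j = i
            # extend the window from times[i] as far as the events allow
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            count = j - i + 1
            if count >= threshold:
                hits[key] = max(hits.get(key, 0), count)
    return hits


if __name__ == "__main__":
    store = CentralLogStore()
    print("stored:", store.ingest(SAMPLE_LINES), "dropped:", store.dropped)
    print("bursts:", failed_logon_bursts(store))
```

The point of splitting `CentralLogStore` from `failed_logon_bursts` is the one the paragraph makes: the store only collects and normalises what the assets forward, while statistics and detections run as separate consumers over it, so several of them can share one copy of the telemetry.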