Packt Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities

This book shows that threat detection is not just about creating and implementing rules in a detection tool like a SIEM. It is also about understanding the initial requirements of these rules, the data sources that support them, continuous testing and validation, ensuring that they have the right coverage, and measuring their performance. The title is spot on because I was able to use the information right away to improve our SIEM rule management and learn how to come up with new detections using public information such as repos from other vendors, the Sigma project, or blog posts.

It's a good book! Definitely more practical than those exam books which are full of theories and It actually inspired me to start a little project.

Since becoming a detection engineer, many people have approached me asking for advice on how to develop their DE skills. There are some good sources of information out there for the conceptual piece, and some options for self-directed hands-on work that are suitable for those with experience but overwhelming for those just beginning to learn about DE. I struggled to find resources that had a good balance between teaching theory and guiding newer learners through more practical scenarios. This book bridges the gap. It’s approachable for someone who has some general infosec knowledge and experience while still offering valuable considerations and additional references for those already working in a DE capacity. It’s well-structured, easy to read, and does a nice job of explaining both conceptual and practical points. I have already recommended this book to others and am happy to have a resource to recommend in the future.

The authors have done a great job at easing the reader into the concepts of Detection Engineering using real world use cases. It helped me develop another perspective to approaching detection Engineering.