Practical Detection Engineering with Sigma: Implement Cross-Platform Threat Detections and SIEM Integration for Modern Security Operations (English Edition)

Bol

Write Once, and Detect Everywhere- Practical Sigma Rules for Modern SOCsBook DescriptionPractical Detection Engineering with Sigma is a hands-on guide to building, testing, and operationalizing modern detections in real SOC environments.The book walks you step by step through the full detection engineering lifecycle-from understanding Sigma fundamentals to writing structured rules and deploying them across SIEM and XDR platforms.What you will learn¿ Design and write structured, maintainable Sigma rules for diverse log sources and enterprise environments.¿ Translate adversary techniques into behavior-based detections, aligned with MITRE ATT&CK tactics and techniques.¿ Convert vendor-agnostic Sigma rules into optimized SIEM and XDR platform-specific queries.¿ Validate and test detections using real telemetry, simulated attacks, and threat emulation frameworks.¿ Reduce false positives through better logic design, field normalization, and contextual enrichment.¿ Implement scalable detection engineering practices using Git-based versioning, automation, and CI/CD pipelines.Table of Contents1. Understanding Sigma and Its Importance2. Anatomy of a Sigma Rule3. Sigma Rule Logic and Conditions4. Creating Rules for Windows Logs5. Creating Rules for Linux and Network Logs6. ATT&CK Mapping and TTP-Based Detection7. Threat Simulation and Rule Testing8. Sigma Rule Anti-Patterns and Best Practices9. Real-World Detection Use Cases10. Sigma Rules in SOC Workflows11. Converting Sigma to SIEM Queries12. Backend Limitations and Field Mapping Challenges13. Automating Detection Delivery with CI/CD14. Managing Rule Packs and Rule Versioning15. Threat Hunting with Sigma16. Intelligence-Driven Detection Engineering17. Sigma in Open Source XDR18. The Future of Sigma and Detection-as-Code Appendices Index

Amazon

Pagina's: 448, Paperback, Orange Education Pvt Ltd