Security Monitoring with Wazuh: A hands-on guide to effective enterprise security using real-life use cases in Wazuh (Paperback)
Gupta, Rajneesh
- 出版商: Packt Publishing
- 出版日期: 2024-04-12
- 售價: $1,730
- 貴賓價: 9.5 折 $1,644
- 語言: 英文
- 頁數: 322
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1837632154
- ISBN-13: 9781837632152
-
相關分類:
資訊安全
立即出貨 (庫存=1)
買這商品的人也買了...
相關主題
商品描述
Learn how to set up zero-cost security automation, incident response, file integrity monitoring systems, and cloud security monitoring from scratch
Key Features
- Get a thorough overview of Wazuh's features and learn how to make the most of them
- Detect network and host-based intrusion, monitor for known vulnerabilities and exploits, and detect anomalous behavior
- Build a monitoring system for security compliance that adheres to frameworks such as MITRE ATT&CK, PCI DSS, and GDPR
- Purchase of the print or Kindle book includes a free PDF eBook
Book Description
Explore the holistic solution that Wazuh offers to improve your organization's cybersecurity posture with this insightful guide. Security Monitoring with Wazuh is a comprehensive resource, covering use cases, tool integration, and compliance monitoring to equip you with the skills you need to build an enterprise-level defense system.
The book begins by setting up an Intrusion Detection System (IDS), integrating the open-source tool Suricata with the Wazuh platform, and then explores topics such as network and host-based intrusion detection, monitoring for known vulnerabilities, exploits, and detecting anomalous behavior. As you progress, you'll learn how to leverage Wazuh's capabilities to set up Security Orchestration, Automation, and Response (SOAR). The chapters will lead you through the process of implementing security monitoring practices aligned with industry standards and regulations. You'll also master monitoring and enforcing compliance with frameworks such as PCI DSS, GDPR, and MITRE ATT&CK, ensuring that your organization maintains a strong security posture while adhering to legal and regulatory requirements.
By the end of this book, you'll be proficient in harnessing the power of Wazuh and have a deeper understanding of effective security monitoring strategies.
What you will learn
- Find out how to set up an intrusion detection system with Wazuh
- Get to grips with setting up a file integrity monitoring system
- Deploy Malware Information Sharing Platform (MISP) for threat intelligence automation to detect indicators of compromise (IOCs)
- Explore ways to integrate Shuffle, TheHive, and Cortex to set up security automation
- Apply Wazuh and other open source tools to address your organization's specific needs
- Integrate Osquery with Wazuh to conduct threat hunting
Who this book is for
This book is for SOC analysts, security architects, and security engineers who want to set up open-source SOC with critical capabilities such as file integrity monitoring, security monitoring, threat intelligence automation, and cloud security monitoring. Managed service providers aiming to build a scalable security monitoring system for their clients will also find valuable insights in this book. Familiarity with basic IT, cybersecurity, cloud, and Linux concepts is necessary to get started.
Table of Contents
- Intrusion Detection System (IDS) Using Wazuh
- Malware Detection Using Wazuh
- Threat Intelligence and Analysis
- Security Automation and Orchestration Using Shuffle
- Incident Response with Wazuh
- Threat Hunting with Wazuh
- Vulnerability Detection and Configuration Assessment
- Appendix
- Glossary
商品描述(中文翻譯)
學習如何從零開始建立零成本的安全自動化、事件回應、檔案完整性監控系統和雲端安全監控。主要特點包括:
- 全面瞭解Wazuh的功能並學習如何充分利用它們
- 檢測基於網絡和主機的入侵,監控已知的漏洞和攻擊,並檢測異常行為
- 建立符合MITRE ATT&CK、PCI DSS和GDPR等框架的安全合規監控系統
- 購買印刷版或Kindle電子書將包含免費的PDF電子書
書籍描述:
通過這本富有洞察力的指南,探索Wazuh提供的整體解決方案,以提升您組織的網絡安全姿態。《使用Wazuh進行安全監控》是一本全面的資源,涵蓋了使用案例、工具整合和合規監控,為您提供構建企業級防禦系統所需的技能。
本書首先建立了一個入侵檢測系統(IDS),將開源工具Suricata與Wazuh平台整合,然後探討了網絡和主機的入侵檢測、已知漏洞的監控、攻擊和異常行為的檢測等主題。隨著進展,您將學習如何利用Wazuh的功能來建立安全編排、自動化和回應(SOAR)。本書的章節將引導您實施符合行業標準和法規的安全監控實踐。您還將掌握使用PCI DSS、GDPR和MITRE ATT&CK等框架進行監控和執行合規性的技巧,確保您的組織在遵守法律和法規要求的同時保持強大的安全姿態。
通過閱讀本書,您將能夠熟練運用Wazuh的功能,並對有效的安全監控策略有更深入的理解。
您將學到以下內容:
- 瞭解如何使用Wazuh建立入侵檢測系統
- 掌握如何建立檔案完整性監控系統
- 部署威脅情報自動化平台(MISP)以檢測威脅指標(IOCs)
- 探索整合Shuffle、TheHive和Cortex以建立安全自動化的方法
- 應用Wazuh和其他開源工具來滿足組織的特定需求
- 將Osquery與Wazuh整合以進行威脅狩獵
本書適合SOC分析師、安全架構師和安全工程師,他們希望建立具有關鍵功能(如檔案完整性監控、安全監控、威脅情報自動化和雲端安全監控)的開源SOC。希望為客戶建立可擴展的安全監控系統的托管服務提供商也可以在本書中找到有價值的見解。熟悉基本的IT、網絡安全、雲端和Linux概念是開始閱讀的必要條件。
目錄:
1. 使用Wazuh建立入侵檢測系統(IDS)
2. 使用Wazuh進行惡意軟體檢測
3. 威脅情報和分析
4. 使用Shuffle進行安全自動化和編排
5. 使用Wazuh進行事件回應
6. 使用Wazuh進行威脅狩獵
7. 漏洞檢測和配置評估
8. 附錄
9. 术语表