Packt Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
A**D
Third class binding. Not happy with seller.
A**R
A great read for anyone who wants to improve their threat detection skills
This book shows that threat detection is not just about creating and implementing rules in a detection tool like a SIEM. It is also about understanding the initial requirements of these rules, the data sources that support them, continuous testing and validation, ensuring that they have the right coverage, and measuring their performance. The title is spot on because I was able to use the information right away to improve our SIEM rule management and learn how to come up with new detections using public information such as repos from other vendors, the Sigma project, or blog posts.
C**T
The book I wish I had when I started my first Detection Engineering role.
Since becoming a detection engineer, many people have approached me asking for advice on how to develop their DE skills. There are some good sources of information out there for the conceptual piece, and some options for self-directed hands-on work that are suitable for those with experience but overwhelming for those just beginning to learn about DE. I struggled to find resources that had a good balance between teaching theory and guiding newer learners through more practical scenarios. This book bridges the gap. It’s approachable for someone who has some general infosec knowledge and experience while still offering valuable considerations and additional references for those already working in a DE capacity. It’s well-structured, easy to read, and does a nice job of explaining both conceptual and practical points. I have already recommended this book to others and am happy to have a resource to recommend in the future.
A**R
Practical deep dive into Threat Detection Engineering
The authors have done a great job at easing the reader into the concepts of Detection Engineering using real world use cases. It helped me develop another perspective to approaching detection Engineering.
D**5
It's okay, great with some needed improvements.
I'll admit that there is some bias with reading this book, knowing some of the authors, and being familiar with the subject matter. If you have no experience on this subject matter, this book sort of jumps into the deep end, and some of the sections are very verbose, without saying much. From a 'Detection' Engineering Standpoint, this book has some decent examples, but can be fleshed out a lot better. From a book setup and design standpoint, this is where the book starts to fall apart. They do not properly call out the code in codeblocks that are easily readable. URLs appear at random in-line with the rest of the text material. It can be very jarring when trying to read the text holistically. I'd also note that there are some typos here and there, that may not have been intentional and just an oversight. Now, as someone with experience with the majority of the material, I feel the value of the book shines in about the middle toward the end of the book. I liked some of the examples of utilizing Docker, however, they could have been clearer on how to set up and deploy certain things. All that being said, overall? The book is okay. I'd give it three stars. It would do better with some color on certain pages and the authors understanding how to call out important information. If they fixed some of those things, this book could be rated a lot higher. All of that being said -- the concepts in the book are solid. If you have no existing base knowledge, or are deploying these concepts as part of a robust security program? It's a solid book in that sense. There are some spots that can use improvement, but it is a great starting point.