Learn essential strategies to streamline and secure your organization's data handling from a cybersecurity expert who has trained military intelligence personnel.When a cyber security incident occurs, how does anyone know? Data must leave workstations and servers, bounce across the network, and land in a central database before analysts can use it. This project-based book covers that complex space between an organization’s computers and the security analyst tasked with protecting them. The guidance is straightforward, and the focus is on streamlining the process of gathering, transforming, and storing cybersecurity data using free and open-source tools.
The author elaborates on core logging strategies, while also emphasizing the importance of standardizing data, using encryption to protect transmitted data, and creating “data pipelines” that support cybersecurity, data analytics, and automation needs alike. You’ll how to:
- Implement core logging strategies using free tools such as the Elastic stack
- Transform data to fit your needs, and configure your tools to send it back and forth
- Secure your logging infrastructure by encrypting connections using TLS and SSH
- Handle version control and backups with Git, and improve your efficiency with caching
By the end, you’ll know how to enrich your security data, protect it from unauthorized parties, and automate your workflow in the process – leaving more room for creative thinking.
Acknowledgments
Introduction
Part I: Foundations of Secure Data Engineering
Chapter 1: Data Engineering Basics
Chapter 2: Network Encryption
Chapter 3: Source and Configuration Management
Part II: Log Extraction and Management
Chapter 4: Endpoint and Network Data
Chapter 5: Windows Logs
Chapter 6: Integrating and Storing Data
Chapter 7: Working with Syslog Data
Part III: Data Transformation and Standardization
Chapter 8: Data Manipulation Pipelines
Chapter 9: Transformation Filters
Part IV: Data Centralization, Automation, and Enrichment
Chapter 10: Centralizing Security Data
Chapter 11: Automating Tool Configurations
Chapter 12: Ansible Tasks and Playbooks
Chapter 13: Caching Threat Intelligence Data
Index
James Bonifield has over a decade of experience analyzing malicious activity, implementing data pipelines, and training others in the security industry. He has built enterprise-scale log solutions, automated detection workflows, and led analyst teams investigating major cyber threat actors. Bonifield holds numerous certifications and enjoys spending time with his family, traveling, and tinkering with all things security and Python related.
