New Book Release: Intelligence-Driven Incident Response, 2nd Edition
2023-06-16 10:58:42 Source: mp.weixin.qq.com

Intelligence-Driven Incident Response: Outwitting the Adversary is one of the best books published in recent years in the field of cyber threat intelligence (CTI). The first edition came out in 2017; the second edition was released in June 2023. Two domestic titles have also appeared in the last two years: 《威胁情报驱动企业网络防御》 (Threat Intelligence-Driven Enterprise Network Defense) from 安恒信息 and 《网络威胁情报技术指南》 (Cyber Threat Intelligence Technical Guide) from 天际友盟.

Preface to the Second Edition

Welcome to the exciting world of intelligence-driven incident response! Intelligence—specifically, cyber threat intelligence—has a huge potential to help network defenders better understand and respond to attackers’ actions against their networks.

With the first edition of Intelligence-Driven Incident Response, our goal was to demonstrate how intelligence fits into the incident-response process and make the case for taking what seemed to be at the time, a novel approach to understanding adversaries and reducing the time it takes to detect, respond to, and remediate intrusions. In the years that have passed since the first edition was released, we have seen tremendous growth in the field, both in numbers and capabilities. Our goal in this second edition is to continue to grow along with the community, adding in additional techniques, methods, lessons learned, and case studies to help more seamlessly integrate these concepts into the critical work that is being done every day to secure the technology that we rely on every day.

Wherever you are in your journey, whether you are just starting in cybersecurity, are transitioning from another security domain into cyber threat intelligence, or are a seasoned professional, we hope you find this book a valuable tool to help you in your mission of making the world a more secure place.

Table of Contents

Part I: The Fundamentals

Chapter 1: Introduction

Chapter 2: Basics of Intelligence

Chapter 3: Basics of Incident Response

Part II: Practical Application

Chapter 4: Find

Chapter 5: Fix

Chapter 6: Finish

Chapter 7: Exploit

Chapter 8: Analyze

Chapter 9: Disseminate

Part III: Advanced Topics

Chapter 10: Strategic Intelligence

Chapter 11: Building an Intelligence Program

About the Authors

Rebekah Brown has spent more than two decades working in the intelligence analysis community. Her previous roles include NSA network warfare analyst, operations chief of a US Marine Corps cyber unit, and US Cyber Command training and exercise lead. She has helped develop threat intelligence and security awareness programs at the federal, state, and local levels, as well as at multiple Fortune 500 companies.

Scott J. Roberts is a security leader, analyst, software developer, and author. He is head of Threat Research for Interpres Security and has led security teams and projects in the defense industrial base and at GitHub, Apple, Splunk, and most recently, Argo AI.

Online preview (full text):

https://learning.oreilly.com/library/view/intelligence-driven-incident-response/9781098120672/

Original article: https://mp.weixin.qq.com/s?__biz=MzU0MzgyMzM2Nw==&mid=2247484905&idx=1&sn=31f5b4ba8a4f536a7bdcde296e3571d3&chksm=fb04c681cc734f97dff3d1b042deb2d7293fc56099f8b799383a0ee933172b1f8e526769f38f&scene=58&subscene=0#rd