

Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.: 8601411308048: Computer Science Books @ desertcart.com
| Best Sellers Rank | #569,555 in Books; #13 in Computer Networking (Books); #51 in Computer Network Security |
| Book 1 of 3 | Blue Team Handbook |
| Customer Reviews | 4.7 out of 5 stars (461) |
| Dimensions | 6 x 0.37 x 9 inches |
| Edition | Incident Response ed. |
| ISBN-10 | 1500734756 |
| ISBN-13 | 978-1500734756 |
| Item Weight | 8.3 ounces |
| Language | English |
| Print length | 164 pages |
| Publication date | August 3, 2014 |
| Publisher | CreateSpace Independent Publishing Platform |
L**N
Five Stars - Version 2 update very nice
Update - version 3.0 has soooo much more depth. Really nice update. Solid info, brief and informative, wide coverage on incident issues. Bought a second copy recently (gave away #1), have read through it, and the update does improve wording, fixes the few spelling errors someone complained about in V1, and has great packet header charts in the back. Got my copy autographed at a SANS conference to boot! I hear there are more titles in the series planned with a few underway.
P**O
Great Resource to Have on hands for Security Analysts
Great Resource to Have on hands for Security Analysts. I have been using many of the techniques described in this book over the past few years but this book expanded on that knowledge a bit more than I was used to. It's great because it has all of the most common things one would typically run into on their day-to-day job as a security analyst. Not completely comprehensive but that's not the purpose of this book.
J**.
Incredibly Useful. Repurchased for version 2.0
I was recommended this Handbook by an Incident Responder with over 10 years' experience (who was also recommended it within his professional network). I've been utilizing version 1.0 of this handbook for almost 3 months now and, I must say, it's the perfect field manual not only for Incident Responders but for any class of Information Security Professional. Back in college I started crafting a reference manual of my own wishing I had something like this. I'm happy to see that I wasn't the only person when I was recommended this Handbook. Initially my only wish was for it to have had reference diagrams for common packet headers. However, shortly after that I learned of version 2.0. For that reason, I immediately purchased version 2.0. Background: 3 years' experience as an Information Security Analyst
M**T
Great book
Nice companion to the RTFM. I have been in INFOSEC for a while and I found most of the book to be somewhat generic. My feelings may not apply to everyone else though. There seems to be an idea out there that everyone in INFOSEC sits around grepping Snort logs and/or TCP dumps; this simply is not the case. As an incident first responder the job is fairly straightforward: isolate and collect the logs. Everyone has their own methods I guess. Some OSes require you leave the system connected before collecting logs; this book does not cover that aspect. Not everyone can afford a SANS course so in that respect this condensed field guide is a plus+. Simply put, you cannot afford to not have this book. A must buy.
C**A
Must have book for Incident Responders
This little pocket book is absolutely a must have for Incident responders. It will provide some wonderful insight on what should be done in all the stages of traditional IR. A must have!
M**D
Great Read, and Awesome Resource.
Great Book to give insight to the blue team side. It has some of that simple common sense stuff. But it takes that and puts it into a plan! Very deep insight into the importance of being prepared and explaining why. Also has some cool more advanced advice to read up on. Gives command line examples of different parameters to use and shows the result you will get.
E**N
Not Perfectly Pocket Size, but Sufficient
Fits in the jump bag & a zip lock to protect the pages - Crafted my own pocket flap inserts to add personal notes for my employer on large index cards (org chart by title with penciled in names, numbers & schedules); IT LAN map with details on each system in case it is needed in a jiff (except passwords - don't be stupid!) It didn't help me pass the minors, but I am a non-military female. I don't think God could have gotten me through those men who love to fail women!
B**R
Don makes it easy to find the most pertinent methods and tools to ...
If you are responsible for defending your castle, you need to add this book to your high-tech "bug-out" bag. Don makes it easy to find the most pertinent methods and tools to assist with your Incident Response tasks. If you're like me, and not just strictly dedicated to corporate IR duty, this will be your bible!! Brian Redick KTH Parts Industries, Inc.
A**I
Great book as a guide
A**R
This book is quite good. Condensed commands and references to what needs to be looked at from an Incident Response perspective. I would highly recommend this to anyone willing to add to their knowledge. Please be aware, this book is not for learning Incident Response, but for bringing a structure to how you handle these incidents/cases.
M**O
This book aims to provide a quick approach to defending against possible cyber attacks. It offers several ideas for putting together a procedure to define/catalogue the incident, and goes on to offer commands and software for discovering who managed to breach the system, how and when. I am still in the first chapters, but already there I have discovered some vulnerabilities I was not aware of. With a few directives added to Apache, I have a more secure system. Really, there are many ideas and tools for analysing your own infrastructure. The more I read it, the more passionate I become about the "security" side. Recommended for those who manage company servers and networks. Since it is a quick little book, you cannot say you have no time to read it!
D**.
Really great SOC use cases, a very good starting guide for SOC engineers/managers. Great in-depth coverage of basics and concepts critical for SOC/SIEM/D&R guys. Would really recommend this book to OT Cybersecurity Engineers or anyone from cys detection. As you can see from the TOC, the micro topics are covered; basics are always so critical in the cybersecurity field. If you cannot apply fundamentals in your program/projects, it's no use. So do get this guide. Handy and easy to digest! Highly recommended! :) cheers!
M**A
A real must have for all those involved in IR procedures design, a very useful summary for those who work in cyber security in general and want to have a