Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

This is one of those books which takes you on a learning journey. The other works it references along the way builds a reading list which allows the reader to decide how deeply they wish to deleve into the topic. I wish there were more academic sources cited however so far i very impressed.

This book presents great examples and covers the concepts well. There are a few typographical errors but the material is sound.

i bought a couple yrs ago. today it's still an all encompassing well explained layout of what threat intel is and why. as someone who has worked in threat intel, i can say this has all the things to set you up for success.

Really well articulated. Great resource if you’re looking to learn how to operationalize the MITRE ATT&CK threat Library.

A great book full of examples to start a Thea Hunting program. It covers not only the technical requirements but also themost basic issues of such a program. The laboratory is just great, covering recent technologies aligned with big data principles.This book is just a great way to go from zero to something more than average. The rest is time and experience.

I have taken Threat Hunting courses before, however, this book is with out a doubt the best book to purchase for the subject! By the way, this was not written 5 years ago where the principles have already changed. This was published early part of 2021 and is ahead of its time in regards to purple teaming. Best purchase I made in a long time.

Great book for cyber

I wanted to like this. The first 140 pages were a general overview of some concepts, tools, etc. But honestly, it took way too long to get going, way too long to get to the real guts of why you bought the book.However, things take a turn for the worse when you need to set up a lab.First, the author wants you to use VMware ESXI for the labs. For one, since Broadcom acquired it, ESXI is no longer free, so good luck with that. It's severely limiting and prevents you from diving deep. This was the first big bummer. Also having it be an ESXI is also kind of overkill in my opinion. Why not virtualbox?Second, most of the links or open-source projects are either dead or no longer being worked on. So, it really needs some new material to not only make it more engaging, but make it actually do-able.Third, unfortunately, you don't actually doing threat hunting until 250 pages in. The book is like 350 pages. And the "threat intelligence" part is no where to be seen. No integrations with MISP or OpenCTI or AlienVault, no processes for how to pivot from IOCs to TTPs, nothing. It's really kind of sad.