SOC Resources

some bookmarks

  • Sniper Forensics: TA, Chris Pogue & Trustwave SpiderLabs, slides (2010)

  • When Threat Intel Met DFIR, Thomas Chopitea & Ronan Mouchoux, live slides, pdf

  • RedQueen: 10 Strategies, Carson Zimmerman and Mitre, book from Mitre (pdf)

  • PNSM and TNSM, Richard Bejtlich: books, blog
    • PNSM for basic background, Security Onion, process, and scenarios
    • TNSM for deep background theory and wisdom, FreeBSD tips
  • ANSM (Applied NSM) book, Chris Sanders and Jason Smith, the whole book, but especially:
    • 1.7 “Defining the Analyst”
    • 15 “The Analysis Process”
  • OST.info School of SOC flowchart, r0x0r skill trees:

OST.info SOC flowchart

  • CIS Workforce Handbook (info page: http://www.cisecurity.org/workforce/workplace.cfm)

  • Job roles, training and education tables:
    • OST.info

  • David Bianco, “A Simple Hunting Maturity Model”, Detect Respond blog (direct link)

  • NIST SPs, especially:
    • 800-61r2: Computer Security Incident Handling Guide
    • 800-86: Guide to Integrating Forensic Techniques into Incident Response
  • DoD 6510 from http://www.jcs.mil/Library/CJCS-Manuals/

Chris Sanders' blog and PhD work, e.g.:

  • http://chrissanders.org/2016/10/three-useful-soc-dashboards/

  • FIXME link 10 SIEM dashboards slides

Written on November 18, 2015