//Topic
Best Detection books
7 books in our catalog cover Detection, ranked by rating. Each entry is an opinionated review with who the book is for and who should skip it.
// Reading guide
Read the full editorial pick: the best Detection books in 2026, ranked and reviewed.
01 · 2013
The Practice of Network Security Monitoring
Understanding Incident Detection and Response
Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.
Intermediate · 5/5 · Richard Bejtlich
02 · 2024
Evading EDR
The Definitive Guide to Defeating Endpoint Detection Systems
A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.
Advanced · 4/5 · Matt Hand
03 · 2018
Malware Data Science
Attack Detection and Attribution
Saxe and Sanders apply machine-learning techniques (classification, clustering, deep learning) to malware detection and attribution, with working Python code and real corpora.
Intermediate · 4/5 · Joshua Saxe, Hillary Sanders
04 · 2017
Network Security Through Data Analysis
From Data to Action
Michael Collins on building situational awareness from network telemetry: collection architecture, statistical baseline-setting, and the analytic patterns that turn raw flows into detection.
Intermediate · 4/5 · Michael Collins
05 · 2015
Sécurité et espionnage informatique
Connaissance de la menace APT et du cyberespionnage
A technical French guide to advanced persistent threats and cyber-espionage — how APT campaigns work, how to detect them, and how to defend — by one of France's APT specialists.
Advanced · 4/5 · Cédric Pernet
06 · 2013
Applied Network Security Monitoring
Collection, Detection, and Analysis
A practitioner's walkthrough of building an NSM capability end to end, from deciding what to collect through detection and the analysis workflow that ties it together. The tooling is dated, but the way it teaches you to think about monitoring is not.
Intermediate · 4/5 · Chris Sanders, Jason Smith
07 · 2010
Tableaux de bord de la sécurité réseau
A practitioner's manual for measuring and steering network security — metrics, dashboards, monitoring and risk indicators — for the people who run security operations.
Advanced · 3/5 · Cédric Llorens, Laurent Levier, Denis Valois