<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Professional Sources on Tarragon</title><link>https://tarrragon.github.io/blog/tags/professional-sources/</link><description>Recent content in Professional Sources on Tarragon</description><generator>Hugo -- gohugo.io</generator><language>zh-TW</language><copyright>Tarragon (CC BY 4.0)</copyright><lastBuildDate>Thu, 30 Apr 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://tarrragon.github.io/blog/tags/professional-sources/index.xml" rel="self" type="application/rss+xml"/><item><title>7.BM1 Blue Team Professional Source Cards</title><link>https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/</link><pubDate>Thu, 30 Apr 2026 00:00:00 +0000</pubDate><guid>https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/</guid><description>&lt;p>The job of a professional source card is to organize the external evidence behind the blue team articles into traceable material. Each card covers exactly one source and states the source's positioning, the claims that can be cited, how it translates to the backend context, and the limits on citing it.&lt;/p>
&lt;h2 id="來源地圖">Source Map&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>Source card&lt;/th>
 &lt;th>Topic supported&lt;/th>
 &lt;th>Primary use&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/nist-sp-800-61r3-incident-response/" data-link-title="NIST SP 800-61r3：事故回應作為風險管理能力" data-link-desc="把 NIST SP 800-61r3 轉成藍隊事故回應與風險治理素材">NIST SP 800-61r3&lt;/a>&lt;/td>
 &lt;td>Incident response and CSF alignment&lt;/td>
 &lt;td>Connect incident response to the governance process&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/cisa-incident-vulnerability-response-playbooks/" data-link-title="CISA Playbooks：事故與漏洞回應程序" data-link-desc="把 CISA incident and vulnerability response playbooks 轉成藍隊流程素材">CISA Playbooks&lt;/a>&lt;/td>
 &lt;td>Incident and vulnerability response procedures&lt;/td>
 &lt;td>Break the process into checklists and status tracking&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/mitre-d3fend-defense-vocabulary/" data-link-title="MITRE D3FEND：防守技術詞彙地圖" data-link-desc="把 MITRE D3FEND 轉成藍隊控制面與防守技術詞彙素材">MITRE D3FEND&lt;/a>&lt;/td>
 &lt;td>Defensive technique vocabulary&lt;/td>
 &lt;td>Unify the language for control surfaces and countermeasures&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/mitre-attack-evaluations-threat-informed-validation/" data-link-title="MITRE ATT&amp;amp;CK Evaluations：威脅導向驗證素材" data-link-desc="把 MITRE ATT&amp;amp;CK Evaluations 轉成藍隊 threat-informed validation 素材">MITRE ATT&amp;amp;CK Evaluations&lt;/a>&lt;/td>
 &lt;td>Threat-informed validation&lt;/td>
 &lt;td>Connect defensive capabilities to adversary emulation&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/sigma-detection-rule-lifecycle/" data-link-title="Sigma：偵測規則生命週期素材" data-link-desc="把 Sigma detection format 轉成偵測規則欄位、誤報治理與維護流程素材">Sigma&lt;/a>&lt;/td>
 &lt;td>Detection rule format&lt;/td>
 &lt;td>Establish a detection-as-code language&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/mandiant-m-trends-defender-pressure/" data-link-title="Mandiant M-Trends 2025：防守現場壓力素材" data-link-desc="把 Mandiant M-Trends 2025 轉成藍隊現場壓力與演練素材">Mandiant M-Trends 2025&lt;/a>&lt;/td>
 &lt;td>Defender pressure in the field&lt;/td>
 &lt;td>Adds the pressure of attacker evasion and dwell time&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/sans-detection-engineering-survey/" data-link-title="SANS Detection Engineering Survey：偵測工程職能素材" data-link-desc="把 SANS detection engineering survey 轉成藍隊偵測工程與協作流程素材">SANS Detection Engineering Survey&lt;/a>&lt;/td>
 &lt;td>Detection engineering role trends&lt;/td>
 &lt;td>Supports detection rule maintenance and collaboration workflows&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="引用規則">引用規則&lt;/h2>
&lt;p>專業來源卡的引用規則是先確認文章要支撐的論點類型。流程論點引用 NIST/CISA，詞彙論點引用 MITRE D3FEND，驗證論點引用 MITRE ATT&amp;amp;CK Evaluations，規則生命週期引用 Sigma/SANS，現場壓力引用 Mandiant。&lt;/p>
&lt;h2 id="反向驗證">反向驗證&lt;/h2>
&lt;p>專業來源卡的限制段落是寫作安全閥。每張卡都要說明來源適合支撐什麼，也要說明來源需要在後端服務情境中重新轉譯的地方。&lt;/p></description><content:encoded><![CDATA[<p>專業來源卡的責任是把藍隊文章的外部依據整理成可回溯材料。每張卡只承擔一個來源，並標示來源定位、可引用論點、後端轉譯方式與引用限制。</p>
<h2 id="來源地圖">來源地圖</h2>
<table>
  <thead>
      <tr>
          <th>Source card</th>
          <th>Topic supported</th>
          <th>Primary use</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/nist-sp-800-61r3-incident-response/" data-link-title="NIST SP 800-61r3：事故回應作為風險管理能力" data-link-desc="把 NIST SP 800-61r3 轉成藍隊事故回應與風險治理素材">NIST SP 800-61r3</a></td>
          <td>Incident response and CSF alignment</td>
          <td>Connect incident response to the governance process</td>
      </tr>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/cisa-incident-vulnerability-response-playbooks/" data-link-title="CISA Playbooks：事故與漏洞回應程序" data-link-desc="把 CISA incident and vulnerability response playbooks 轉成藍隊流程素材">CISA Playbooks</a></td>
          <td>Incident and vulnerability response procedures</td>
          <td>Break the process into checklists and status tracking</td>
      </tr>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/mitre-d3fend-defense-vocabulary/" data-link-title="MITRE D3FEND：防守技術詞彙地圖" data-link-desc="把 MITRE D3FEND 轉成藍隊控制面與防守技術詞彙素材">MITRE D3FEND</a></td>
          <td>Defensive technique vocabulary</td>
          <td>Unify the language for control surfaces and countermeasures</td>
      </tr>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/mitre-attack-evaluations-threat-informed-validation/" data-link-title="MITRE ATT&amp;CK Evaluations：威脅導向驗證素材" data-link-desc="把 MITRE ATT&amp;CK Evaluations 轉成藍隊 threat-informed validation 素材">MITRE ATT&amp;CK Evaluations</a></td>
          <td>Threat-informed validation</td>
          <td>Connect defensive capabilities to adversary emulation</td>
      </tr>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/sigma-detection-rule-lifecycle/" data-link-title="Sigma：偵測規則生命週期素材" data-link-desc="把 Sigma detection format 轉成偵測規則欄位、誤報治理與維護流程素材">Sigma</a></td>
          <td>Detection rule format</td>
          <td>Establish a detection-as-code language</td>
      </tr>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/mandiant-m-trends-defender-pressure/" data-link-title="Mandiant M-Trends 2025：防守現場壓力素材" data-link-desc="把 Mandiant M-Trends 2025 轉成藍隊現場壓力與演練素材">Mandiant M-Trends 2025</a></td>
          <td>Defender pressure in the field</td>
          <td>Adds the pressure of attacker evasion and dwell time</td>
      </tr>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/professional-sources/sans-detection-engineering-survey/" data-link-title="SANS Detection Engineering Survey：偵測工程職能素材" data-link-desc="把 SANS detection engineering survey 轉成藍隊偵測工程與協作流程素材">SANS Detection Engineering Survey</a></td>
          <td>Detection engineering role trends</td>
          <td>Supports detection rule maintenance and collaboration workflows</td>
      </tr>
  </tbody>
</table>
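<h2 id="引用規則">Citation Rules</h2>
<p>The citation rule for professional source cards is to first identify the type of claim the article needs to support. Process claims cite NIST/CISA, vocabulary claims cite MITRE D3FEND, validation claims cite MITRE ATT&amp;CK Evaluations, rule lifecycle claims cite Sigma/SANS, and field-pressure claims cite Mandiant.</p>
<h2 id="反向驗證">Reverse Validation</h2>
<p>The limitations section of a professional source card is the safety valve for writing. Every card must state what the source is suited to support, and also where the source needs to be re-translated for the backend service context.</p>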
]]></content:encoded></item></channel></rss>