Copyright © Blue Team Handbook. All rights reserved.
Warning: a provider in mainland China has registered a variety of derivative names based on BlueTeamHandbook. These domains are in no way affiliated with BTHb: blueteamhandbook.asia, blueteamhandbook.cn, blueteamhandbook.com.cn, blueteamhandbook.net.cn, blueteamhandbook.org.cn. Please be so advised! (Oct 29, 2019)
Custom Covers and Branded Editions
Custom covers will be routed through O'Reilly - they have the Bear Cover version, after all.
Praise for BTHb:INRE: "This guide is chock full of useful information for infosec pros, especially blue team members and incident handlers. You could read it end-to-end for a treasure-trove of useful tips and tricks, or just keep it close by as a handy reference. Or both!" -- Ed Skoudis, Counter Hack.
BTHb: INRE: Amazon Paperback: https://www.amazon.com/dp/B0G5FP421K
BTHb: INRE: Amazon Kindle: https://www.amazon.com/dp/B0G4KS5JXK
Code is partly available on GitHub, and will be updated over Dec 2025 / Jan 2026: https://github.com/DonMVB/BlueTeam-Handbook/wiki
BTHb: SOCTH: Amazon USA link. Note: if the title says "currently unavailable", search again and use V1.0 in the title.
BTHb events - book tour, Podcasts, Blog mentions, tweets, and Don sightings. If you want your copy autographed ... look here.
Check out the Table of Contents and the cover art. Read the forewords.
Welcome to the Blue Team Handbook (BTHb).
Volume One: Incident Response Edition was just updated to Version 3, and published on Amazon.com on Dec 15, 2025. If you are looking for code, it is all being added to the book's GitHub project. This book will also be professionally published by O'Reilly Media, with a launch date of March 31, 2026. You can check out the preview pages on Safari.
Some Stats: By October 2019, V1 to V2.2 had 35K copies in print. By Nov 2025, 48K copies in print. Both handbooks have 54,555 copies in print as of Nov 30, 2025.
BTHb:INRE was listed at #10 out of 100 in the Book Authority.org Top 100 list. When the list debuted, BTHb:INRE was #3/100. BTHb:INRE is #2 of 20 on the Solution Review "The 20 Best Cybersecurity Books for Enterprises in 2019". Some reviews: Cybrary (V1.1). Five Stars on GoodReads.
Volume Two: SOC, SIEM, and Threat Hunting is currently a five star book on Amazon with 4K copies in print. See the ToC page for V1.02 updates.
BTHb:SOCTH is mentioned in several SANS Courses: SEC 511, SEC 450, 555, 530, and also in SEC 501.
Discussed on Security Weekly episode 586 (it's on the Christmas tree!), and check out Eric Conrad's tweets.