Today I received my paid copy of "The Practice of Network Security Monitoring" by Richard Bejtlich from No Starch Press.
This was a topic near and dear to my heart in my previous position, and one I expect will come up often now. I'll post a review when I finish reading it.
If you've read it let me know your thoughts.