Online Courses
Cyber Threat Hunting

Cyber threat hunting: Lessons learned

Feedback

This is the final step of the process; it reviews every stage of the hunt.

All parties involved in the hunt provide their feedback on the different stages.

Examples:

  • Was the hypothesis defined well?

  • Was the outcome achieved?

  • Were identified data sources relevant?

  • Were the techniques used appropriate for the hunt?

  • Were there any visibility gaps?

Lessons learned

After execution of the hunt, analyze all steps of the hunt to determine what worked well and what improvements, if any, are needed to strengthen the threat hunting process.

All parties involved in the hunt should provide feedback for the phases they took part in.

Scope

What do we think of the quality of the scope?

  • Were systems correctly identified?

  • Were data sources relevant?

  • Did hypothesis development capture all analytical questions?

  • Were drivers for hypothesis development helpful?

  • Could we have done anything differently?

Formulate

  • How well did we identify relevant data sources?

  • Did analysis techniques support the hunt?

  • Were tools identified correctly and were they helpful?

Execute

  • How well did we conduct the data analysis?

  • Did we need to consider additional data sets?

  • Were analysis techniques executed well?

  • Did we need additional analysis techniques?

  • Were tools adequate for analysis?
