Cyber Threat Hunting

Introduction

Implementation considerations

Organizational maturity

Security operations teams must review their current capabilities and maturity level before considering threat hunting.

Core capabilities must be in place before looking into threat hunting, such as:

  • log management

  • threat detection

  • security monitoring

  • incident response (IR)

Technologies that support traditional monitoring and response functions should also be in place.

Are internal resources available, or funds available for external resources?

Key components

People: Threat hunters with the following skill sets and experience are required to build a mature hunt capability.

Skill sets

  • Domain knowledge

  • Analytical mindset

  • Log analysis

  • Knowledge of network architecture

  • Attack life cycles

  • Security tools

  • Attack methods

Experience in security monitoring or incident response positions an analyst well for threat hunting.

Leverage internal or external resources, based on your circumstances.
