Online Courses
Cyber Threat Hunting
Threat hunting data and technologies

Data and technologies

Threat hunting sources

Threat hunters rely on several sources of information to create hunts, including the following:

Threat intelligence

Collection of data related to known threats and threat actors

  • Threat actors targeting your organization

  • Information sharing between organizations within the same sector

  • Zero-day exploits against similar organizations

  • New vulnerabilities being leveraged by attackers

Internal findings

The findings identified by various teams conducting assessments

  • Internal audit

  • Enterprise risk teams

  • Red Team

Security incidents

The lessons learned phase of incident response captures valuable information that threat hunting can build on: tactics and techniques identified during the response, gaps in detection coverage, vulnerabilities that were exploited, and so on.

MITRE ATT&CK framework

The tactics and techniques outlined in the framework are a strong resource for identifying and prioritizing the hunts to be conducted within your organization.

Organizational knowledge

Knowledge of known gaps, broken processes, and similar weaknesses, built up over time spent with an organization, is another valuable source for threat hunting.

Anomalous activity

Activity that deviates from established security configurations or expected behaviors is another input for threat hunting.
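One way to combine these sources into a single prioritized hunt backlog, as an added example that is not part of the course: each piece of evidence from threat intelligence, internal findings, past incidents, organizational knowledge or anomalous activity is tied to an ATT&CK technique ID, and techniques that several independent sources point at rise to the top. The source weights, the corroboration bonus, the evidence notes and the coverage-gap list are constructed sample data; only the technique IDs are real ATT&CK identifiers.

```python
"""Merge threat hunting sources into a prioritized hunt backlog.

Added example, not course material. Weights and sample evidence are
constructed and should be tuned to the organization.
"""
from dataclasses import dataclass, field

# Per-source weights: constructed values, meant to be tuned per organization.
SOURCE_WEIGHTS = {
    "threat_intel": 3,      # actors targeting the org or its sector
    "incident": 4,          # techniques seen in past incidents (lessons learned)
    "internal_finding": 2,  # audit, enterprise risk and red team findings
    "org_knowledge": 2,     # known gaps and broken processes
    "anomaly": 1,           # deviations from established baselines
}


@dataclass
class Evidence:
    source: str     # key of SOURCE_WEIGHTS
    technique: str  # ATT&CK technique ID the evidence points at
    note: str       # where it came from, kept for the hunt write-up


@dataclass
class HuntCandidate:
    technique: str
    score: int = 0
    sources: set = field(default_factory=set)
    notes: list = field(default_factory=list)


def build_backlog(evidence, coverage_gaps=(), weights=SOURCE_WEIGHTS):
    """Return HuntCandidates sorted by descending score, then technique ID."""
    by_tech = {}
    for ev in evidence:
        # Unknown source names raise KeyError on purpose: bad input should
        # be noticed, not silently scored as zero.
        weight = weights[ev.source]
        cand = by_tech.setdefault(ev.technique, HuntCandidate(ev.technique))
        cand.score += weight
        cand.sources.add(ev.source)
        cand.notes.append(f"[{ev.source}] {ev.note}")
    # Organizational knowledge of missing detection coverage counts as evidence too.
    for tech in coverage_gaps:
        cand = by_tech.setdefault(tech, HuntCandidate(tech))
        cand.score += weights["org_knowledge"]
        cand.sources.add("org_knowledge")
        cand.notes.append("[org_knowledge] no detection coverage for this technique")
    # Corroboration bonus: one point per additional independent source.
    for cand in by_tech.values():
        cand.score += len(cand.sources) - 1
    return sorted(by_tech.values(), key=lambda c: (-c.score, c.technique))


# Constructed sample evidence; technique IDs are real ATT&CK IDs, the notes are invented.
SAMPLE_EVIDENCE = [
    Evidence("threat_intel", "T1078", "sector sharing group: actor logs in with stolen VPN credentials"),
    Evidence("threat_intel", "T1566", "phishing campaign reported against peer organizations"),
    Evidence("incident", "T1078", "lessons learned: compromised service account unnoticed for weeks"),
    Evidence("incident", "T1021.001", "RDP used for lateral movement in last incident"),
    Evidence("internal_finding", "T1021.001", "red team report: lateral movement over RDP between workstations"),
    Evidence("anomaly", "T1053.005", "new scheduled task on file server outside the change window"),
]
SAMPLE_GAPS = ["T1021.001", "T1003"]  # constructed: techniques with no detection coverage


def render(backlog):
    """One line per candidate, for a quick review of the hunt backlog."""
    return [f"{c.technique:<10} score={c.score:<3} sources={','.join(sorted(c.sources))}"
            for c in backlog]


if __name__ == "__main__":
    for line in render(build_backlog(SAMPLE_EVIDENCE, SAMPLE_GAPS)):
        print(line)
```

Running the script ranks RDP lateral movement (T1021.001) first because an incident, a red team finding and a known coverage gap all point at it, ahead of valid-account abuse (T1078) that only threat intelligence and one incident support; the single-source anomaly lands at the bottom. The notes list on each candidate is what a hunter carries into the scoping and hypothesis step.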
