Online Courses
Cyber Threat Hunting

Ticketing/SOAR

Case management

A ticketing (case management) solution for threat hunting is a system that lets threat hunters document, manage and track their hunts from initial hypothesis to final outcome.

Such a solution helps streamline the threat hunting process, ensures accountability for each hunt and its findings, and improves collaboration among team members.

When selecting a ticketing solution for threat hunting, it's important to consider the following:

  • Customization: a hunt record needs fields a standard incident ticket lacks, such as the hypothesis, scope, ATT&CK techniques in play and data sources queried, so the tool must support custom fields, workflows and templates

  • Integration: the tool should exchange data with the SIEM, endpoint tooling, threat intelligence platform and SOAR so hunters can attach evidence and open follow-up tickets without re-keying it

  • Automation: routine steps, such as creating a hunt ticket from new intelligence, assigning an owner, notifying on status changes or converting a confirmed finding into an incident, should not require manual effort

  • Collaboration: hunts are team efforts, so several hunters must be able to comment on, hand off and peer-review the same case

  • Reporting: the tool should produce metrics on hunts completed, findings, time spent and detections created, which is how the hunting program demonstrates its value

Examples

If your organization already has a case management solution, it can be leveraged to document and track threat hunts rather than introducing a separate tool.

Many Security Orchestration, Automation and Response (SOAR) solutions are candidates not only for documenting and tracking threat hunts but also for analyzing events and taking response actions, such as enriching an indicator or isolating a host, from within the case.

Here are some popular ticketing solutions for threat hunting:

  • ServiceNow Security Operations

  • Jira Service Management

  • Freshservice

  • Zendesk
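The following is an added example, not code from the course or from any of the products listed above. It models a hunt case with the custom fields the selection criteria call for (hypothesis, ATT&CK techniques, data sources), enforces the hunt lifecycle as a small state machine, builds the JSON body that Jira's issue-create endpoint (POST /rest/api/2/issue) expects for the integration step, and computes the reporting metrics. The project key `HUNT` and the `customfield_1010x` identifiers are placeholders that differ per Jira instance, and the two hunt cases are constructed sample data.

```python
"""Hunt case model, Jira-style ticket payload and reporting metrics.

Added example for the ticketing/SOAR discussion; not the course's own code.
The payload follows the Jira Cloud REST API issue-create shape
(fields.project.key, fields.summary, fields.issuetype.name). The project
key and customfield_* IDs are placeholders that vary per Jira instance.
"""
from dataclasses import dataclass, field
from datetime import date
import json

# Hunt lifecycle: scoping -> hypothesis -> execution -> lessons learned -> closed.
ALLOWED_TRANSITIONS = {
    "scoping": {"hypothesis"},
    "hypothesis": {"execution", "scoping"},
    "execution": {"lessons_learned", "hypothesis"},
    "lessons_learned": {"closed"},
    "closed": set(),
}

def can_transition(current, new):
    """True if the lifecycle allows moving from `current` to `new`."""
    return new in ALLOWED_TRANSITIONS.get(current, set())

@dataclass
class Finding:
    description: str
    true_positive: bool
    detection_created: bool = False  # did the finding become a new SIEM/EDR rule?

@dataclass
class HuntCase:
    case_id: str
    title: str
    hypothesis: str
    attack_techniques: list        # MITRE ATT&CK technique IDs, e.g. "T1059.001"
    data_sources: list
    owner: str
    opened: date
    status: str = "scoping"
    findings: list = field(default_factory=list)
    history: list = field(default_factory=list)  # audit trail of status changes

    def transition(self, new_status):
        """Move the hunt to the next stage, refusing illegal jumps (e.g. scoping -> closed)."""
        if not can_transition(self.status, new_status):
            raise ValueError(f"{self.case_id}: cannot go from {self.status} to {new_status}")
        self.history.append((self.status, new_status))
        self.status = new_status
        return self.status

    def add_finding(self, description, true_positive, detection_created=False):
        self.findings.append(Finding(description, true_positive, detection_created))

def to_jira_payload(case, project_key="HUNT", custom_fields=None):
    """Build the JSON body for Jira's POST /rest/api/2/issue for one hunt case.
    custom_fields maps hunt attributes to the instance's customfield_* IDs (placeholders here)."""
    custom_fields = custom_fields or {
        "hypothesis": "customfield_10101",
        "attack_techniques": "customfield_10102",
        "data_sources": "customfield_10103",
    }
    fields = {
        "project": {"key": project_key},
        "summary": f"[{case.case_id}] {case.title}",
        "issuetype": {"name": "Task"},
        "labels": ["threat-hunt"] + list(case.attack_techniques),  # Jira labels may not contain spaces
        "description": (
            f"Hypothesis: {case.hypothesis}\n"
            f"Data sources: {', '.join(case.data_sources)}\n"
            f"Owner: {case.owner}\nOpened: {case.opened.isoformat()}"
        ),
        custom_fields["hypothesis"]: case.hypothesis,
        custom_fields["attack_techniques"]: list(case.attack_techniques),
        custom_fields["data_sources"]: list(case.data_sources),
    }
    return {"fields": fields}

def hunt_metrics(cases):
    """Reporting view: hunts run, hunts closed, hunts with a true positive, detections created."""
    return {
        "hunts": len(cases),
        "closed": sum(1 for c in cases if c.status == "closed"),
        "hunts_with_true_positive": sum(1 for c in cases if any(f.true_positive for f in c.findings)),
        "new_detections": sum(1 for c in cases for f in c.findings if f.detection_created),
    }

def build_sample_cases():
    """Two constructed hunts (sample data, not real cases) that exercise the model."""
    a = HuntCase("H-0007", "Encoded PowerShell spawned by Office applications",
                 "Macro-enabled documents launch base64-encoded PowerShell for initial access",
                 ["T1059.001", "T1566.001"], ["Sysmon EventID 1", "EDR process telemetry"],
                 "alice", date(2024, 3, 4))
    a.transition("hypothesis"); a.transition("execution")
    a.add_finding("WINWORD.EXE -> powershell.exe -enc on 3 hosts", True, detection_created=True)
    a.transition("lessons_learned"); a.transition("closed")
    b = HuntCase("H-0008", "Anomalous DNS TXT query volume",
                 "Malware uses DNS TXT records as a C2 channel",
                 ["T1071.004"], ["DNS resolver logs"], "bob", date(2024, 3, 11))
    b.transition("hypothesis"); b.transition("execution")
    b.add_finding("Spike traced to a monitoring agent's SPF checks", False)
    return [a, b]

if __name__ == "__main__":
    cases = build_sample_cases()
    print(json.dumps(to_jira_payload(cases[0]), indent=2))
    print(hunt_metrics(cases))
```

The state machine is what gives the ticket its accountability value: a hunt cannot be closed without passing through the lessons-learned stage, and the `history` list records who moved it and when if you extend it with the actor. The metrics function is deliberately simple; the `detection_created` flag is the number most programs are asked to report, because it shows hunts feeding back into the SOC's detection coverage.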


Last updated 9 months ago