Online Courses
Cyber Threat Hunting
Threat hunting techniques and generative AI

Anomalies and baselining

Anomaly detection

Anomaly detection is a threat hunting technique that analyzes data to identify abnormal patterns or behaviors that may indicate a security threat.

  • This technique relies on statistical models and machine learning algorithms to detect deviations from an established baseline of normal behavior

  • Anomaly detection can be applied to various data sources, including network traffic logs, system logs and user behavior data

  • By analyzing data for anomalies, security teams can identify potential threats that may have gone unnoticed by traditional security tools

  • For example, anomaly detection can be used to identify unusual network traffic patterns that may indicate a distributed denial-of-service (DDoS) attack or to detect abnormal user behavior that may indicate a compromised account

One of the benefits of anomaly detection is that it can be used to detect both known and unknown threats

Because anomaly detection relies on statistical models and machine learning algorithms, it can detect patterns that may be too subtle or complex for humans or traditional security tools to identify

Overall, anomaly detection is a valuable threat hunting technique that can help organizations detect and respond to security threats more effectively

By identifying anomalous behavior, security teams can take proactive steps to mitigate potential threats before they cause significant damage
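The following script is an added example (it is not part of the course page) of the statistical flavour of anomaly detection described above: it builds a per-host baseline from a window of constructed log records, then scores new observations by how far they deviate from that baseline. It assumes a made-up log format of "<timestamp> <host> <bytes_out>" and uses a robust z-score (median and median absolute deviation, MAD) rather than mean and standard deviation, so that a few outliers inside the baseline window do not inflate the baseline itself. Two edge cases a hunter runs into are handled explicitly: a host whose baseline is perfectly constant (MAD of zero), and a host that has no baseline at all because it was never seen before.

```python
"""Baseline-and-deviation anomaly detection over constructed host logs.

Added example, not code from the course page. Log format, host names and
all values below are constructed for illustration.
"""
from collections import defaultdict
from statistics import median

MAD_TO_SIGMA = 1.4826  # scales MAD to a standard deviation for normal data

# Constructed sample data (not real traffic): eight hourly observations per
# host form the baseline window. ws-03 is deliberately constant.
BASELINE_LOGS = """\
2024-01-01T00:00 ws-01 12000
2024-01-01T01:00 ws-01 11500
2024-01-01T02:00 ws-01 12500
2024-01-01T03:00 ws-01 11800
2024-01-01T04:00 ws-01 12200
2024-01-01T05:00 ws-01 11900
2024-01-01T06:00 ws-01 12100
2024-01-01T07:00 ws-01 12400
2024-01-01T00:00 ws-02 3000
2024-01-01T01:00 ws-02 3100
2024-01-01T02:00 ws-02 2900
2024-01-01T03:00 ws-02 3050
2024-01-01T04:00 ws-02 2950
2024-01-01T05:00 ws-02 3000
2024-01-01T06:00 ws-02 3150
2024-01-01T07:00 ws-02 2850
2024-01-01T00:00 ws-03 5000
2024-01-01T01:00 ws-03 5000
2024-01-01T02:00 ws-03 5000
2024-01-01T03:00 ws-03 5000
"""

# Constructed observations to score: ws-02 jumps to 15x its baseline and
# db-01 has never been seen before.
CURRENT_LOGS = """\
2024-01-02T00:00 ws-01 12300
2024-01-02T00:00 ws-02 45000
2024-01-02T00:00 ws-03 5200
2024-01-02T00:00 db-01 800
"""


def parse_logs(text):
    """Parse "<timestamp> <host> <bytes_out>" lines; skip blank or malformed ones."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, host, value = parts
        try:
            records.append((ts, host, float(value)))
        except ValueError:
            continue
    return records


def build_baseline(records):
    """Per-host (median, MAD) computed from the baseline window."""
    per_host = defaultdict(list)
    for _, host, value in records:
        per_host[host].append(value)
    baseline = {}
    for host, values in per_host.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[host] = (med, mad)
    return baseline


def robust_score(value, med, mad):
    """Robust z-score of one observation against its host baseline.

    A constant baseline (MAD == 0) would make every deviation infinite, so a
    floor scale of 5% of the median (assumed policy) is used instead."""
    scale = MAD_TO_SIGMA * mad
    if scale == 0:
        scale = max(1.0, 0.05 * abs(med))
    return (value - med) / scale


def detect_anomalies(baseline, current_records, threshold=3.5):
    """One finding per record that deviates by more than `threshold` robust
    sigmas, plus one for every host that has no baseline at all."""
    findings = []
    for ts, host, value in current_records:
        if host not in baseline:
            findings.append({"ts": ts, "host": host, "value": value,
                             "score": None, "reason": "no_baseline"})
            continue
        med, mad = baseline[host]
        score = robust_score(value, med, mad)
        if abs(score) > threshold:
            findings.append({"ts": ts, "host": host, "value": value,
                             "score": round(score, 2), "reason": "deviation"})
    return findings


def run_demo():
    """Build the baseline from BASELINE_LOGS and score CURRENT_LOGS against it."""
    baseline = build_baseline(parse_logs(BASELINE_LOGS))
    return detect_anomalies(baseline, parse_logs(CURRENT_LOGS))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Running it reports two findings: ws-02 with a very large deviation score, and db-01 with reason "no_baseline". ws-03 is not reported even though its baseline has zero spread, because the floor scale keeps a 4% change from being scored as extreme; whether a never-before-seen host is itself worth a look is a hunting decision, which is why it is surfaced as a separate reason rather than silently skipped.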
