Difference between revisions of "Threat Hunting"

From Socology.org - The Study of Security Operations
Revision as of 04:37, 29 October 2018

This section is under development

Objective

The objective of Threat Hunting[1] is a proactive search of systems for adversaries and compromise. Whereas Continuous Monitoring is a reactive service, Threat Hunting strives to actively search logs, controls, countermeasures and activity to identify signs of compromise before reactive controls would detect them.

Hunting activity feeds several other services including Content Engineering, Continuous Monitoring, Log Management and Compliance, and Risk Management.

Hunting also receives inputs from Threat Intelligence, Enterprise Intelligence and Risk Management.

Process

  • Known IOC Hunting
  • Hypothesis Method
  • Exploratory Data Science[2][3][4][5]
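The first two process options side by side, as an added example that is not part of the Socology.org page: a Known IOC hunt (exact match against an indicator set) and a Hypothesis Method hunt tested with a simple exploratory stacking technique, both run over a handful of constructed process-creation events. Hostnames, hash values and the indicator set are placeholders, not real telemetry or indicators.

```python
"""Added example for the Process section (not from Socology.org or its
authors): two hunting passes over constructed process-creation events.
Pass 1, Known IOC Hunting: exact-match each event against an indicator set.
Pass 2, Hypothesis Method with a simple exploratory technique (stacking):
hypothesis "a compromised host shows parent/child process pairs that are
rare across the fleet", tested by counting on how many hosts each pair occurs.
Hostnames, hashes and indicators below are constructed placeholders.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Event = Dict[str, str]
Pair = Tuple[str, str]

# Constructed sample telemetry (one process-creation event per dict).
EVENTS: List[Event] = [
    {"host": "ws01", "parent": "explorer.exe", "child": "outlook.exe", "sha256": "HASH-A"},
    {"host": "ws02", "parent": "explorer.exe", "child": "outlook.exe", "sha256": "HASH-A"},
    {"host": "ws03", "parent": "explorer.exe", "child": "outlook.exe", "sha256": "HASH-A"},
    {"host": "ws01", "parent": "explorer.exe", "child": "cmd.exe", "sha256": "HASH-B"},
    {"host": "ws02", "parent": "explorer.exe", "child": "cmd.exe", "sha256": "HASH-B"},
    {"host": "ws02", "parent": "services.exe", "child": "svchost.exe", "sha256": "HASH-C"},
    {"host": "ws03", "parent": "services.exe", "child": "svchost.exe", "sha256": "HASH-IOC"},
    {"host": "ws02", "parent": "winword.exe", "child": "powershell.exe", "sha256": "HASH-D"},
]

# Constructed placeholder indicator set, as a Threat Intelligence feed would supply it.
KNOWN_BAD_HASHES: Set[str] = {"HASH-IOC"}


def known_ioc_hunt(events: Iterable[Event], iocs: Set[str]) -> List[Event]:
    """Pass 1: return every event whose file hash is in the indicator set."""
    return [e for e in events if e["sha256"] in iocs]


def stack_pairs(events: Iterable[Event]) -> Dict[Pair, Set[str]]:
    """Count the distinct hosts on which each parent/child pair was seen."""
    hosts: Dict[Pair, Set[str]] = defaultdict(set)
    for e in events:
        hosts[(e["parent"], e["child"])].add(e["host"])
    return hosts


def rare_pair_hunt(events: Iterable[Event], max_hosts: int = 1) -> List[Tuple[Pair, List[str]]]:
    """Pass 2: pairs seen on at most max_hosts hosts become leads for analyst triage."""
    stacked = stack_pairs(events)
    return sorted((pair, sorted(h)) for pair, h in stacked.items() if len(h) <= max_hosts)


if __name__ == "__main__":
    for hit in known_ioc_hunt(EVENTS, KNOWN_BAD_HASHES):
        print("IOC match:", hit)
    for pair, hosts in rare_pair_hunt(EVENTS):
        print("Rare pair:", pair, "on", hosts)
```

Note that the two passes find different things: the IOC match sits on a fleet-wide common pair that stacking would never surface, while the rare winword.exe to powershell.exe pair has no indicator attached to it, which is why the page lists the methods as complementary.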

Tooling

  • SIEM, log management or other log collection and analysis tools
  • Data analytics tools

Ticketing

Reporting

Staffing

Budget

Communications

Documentation

Lessons Learned | Pain Points

Citations