Difference between revisions of "Threat Hunting"
Edit summary: (→Process)

Changes in this revision (wiki diff, old revision on the left):

Line 2, == Objective ==, line added:
+ :"''Threat hunting is a proactive and iterative approach to detecting threats.''" (Lee and Bianco, 2016)
(unchanged context) The objective of Threat Hunting[https://www.threathunting.net/reading-list] is a '''proactive''' search of systems for adversaries and compromise. Whereas [[Continuous Monitoring]] is a '''reactive''' service, Threat Hunting strives to actively search logs, controls, countermeasures and activity to identify signs of compromise before they are detected.

Line 40 (new line 41), == Citations ==, line added:
+ Robert M. Lee and David Bianco. 2016. Generating Hypotheses for Successful Threat Hunting. Retrieved from [https://www.sans.org/reading-room/whitepapers/threats/generating-hypotheses-successful-threat-hunting-37172 https://www.sans.org/reading-room/whitepapers/threats/generating-hypotheses-successful-threat-hunting-37172]
Revision as of 04:40, 29 October 2018
This section is under development
Objective
- "Threat hunting is a proactive and iterative approach to detecting threats." (Lee and Bianco, 2016)
The objective of Threat Hunting[1] is a proactive search of systems for adversaries and compromise. Whereas Continuous Monitoring is a reactive service that waits for an alert, Threat Hunting actively searches logs, controls, countermeasures and activity to identify signs of compromise before a reactive alert would surface them.
Hunting activity feeds several other services including Content Engineering, Continuous Monitoring, Log Management and Compliance and Risk Management.
Hunting also receives inputs from Threat Intelligence, Enterprise Intelligence and Risk Management.
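The following is an added example, not content from the wiki page or its cited paper: a small hypothesis-driven hunt in Python that shows the proactive loop described above. It parses a handful of constructed process-creation log lines (the key=value format, host names and process names are assumptions made for this illustration, not any product's real log format), applies one hunting technique, stack counting, to surface the parent/child process pairs that are rare across the fleet, and then turns a reviewed finding into a detection rule that can be handed to Content Engineering and Continuous Monitoring, which is the hand-off the page describes.

```python
"""Hypothesis-driven hunt over constructed process-creation events.

Added example; the log format, field names, hosts and sample events below
are constructed for illustration.  A real hunt would pull the same fields
from a SIEM or log management platform.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines (not a real product's format).
SAMPLE_LOG = """\
host=ws01 parent=explorer.exe child=chrome.exe
host=ws02 parent=explorer.exe child=chrome.exe
host=ws03 parent=explorer.exe child=outlook.exe
host=ws01 parent=services.exe child=svchost.exe
host=ws02 parent=services.exe child=svchost.exe
host=ws03 parent=services.exe child=svchost.exe
host=ws04 parent=winword.exe child=powershell.exe
host=ws02 parent=explorer.exe child=outlook.exe
"""


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent: str
    child: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one 'key=value key=value ...' line into a ProcessEvent."""
    fields = dict(token.split("=", 1) for token in line.split())
    return ProcessEvent(fields["host"], fields["parent"], fields["child"])


def load_events(text: str) -> list[ProcessEvent]:
    """Parse every non-empty line of a log blob."""
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def stack_count(events: list[ProcessEvent], key) -> Counter:
    """Stack counting (long-tail analysis): how often each key occurs fleet-wide.

    Common values are normal background; the rare tail is what a hunter reviews.
    """
    return Counter(key(e) for e in events)


def hunt_rare_parent_child(events: list[ProcessEvent], max_count: int = 1) -> list[tuple[str, str]]:
    """Hypothesis: parent/child pairs seen at most `max_count` times across the
    fleet are candidates for analyst review.  This returns leads, not verdicts."""
    counts = stack_count(events, key=lambda e: (e.parent, e.child))
    return sorted(pair for pair, n in counts.items() if n <= max_count)


def to_detection_rule(pair: tuple[str, str]) -> dict:
    """Feedback step: once a hunt finding is confirmed worth alerting on, express
    it as a simple rule that Continuous Monitoring can run going forward."""
    parent, child = pair
    return {
        "name": f"rare-parent-child:{parent}->{child}",
        "match": {"parent_process": parent, "child_process": child},
        "source": "threat-hunting",
    }


# Parsed once so callers (and the tests) can reuse the constructed data set.
EVENTS = load_events(SAMPLE_LOG)

if __name__ == "__main__":
    for pair in hunt_rare_parent_child(EVENTS):
        print("lead for review:", pair)
        print("candidate rule:", to_detection_rule(pair))
```

The threshold `max_count` is the knob a hunter tunes per iteration: start tight, review the leads, widen it if the tail is empty, and promote only findings that survive review into rules, so that the reactive service inherits the hunt's result.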
Process
Tooling
- SIEM, log management or other log collection and analysis tools
- Data analytics tools
Ticketing
Reporting
Staffing
Budget
Communications
Documentation
Lessons Learned | Pain Points
Citations
Robert M. Lee and David Bianco. 2016. Generating Hypotheses for Successful Threat Hunting. Retrieved from https://www.sans.org/reading-room/whitepapers/threats/generating-hypotheses-successful-threat-hunting-37172