Difference between revisions of "Threat Hunting"
From Socology.org - The Study of Security Operations
(→Objective) |
(→Process) |
||
| Line 11: | Line 11: | ||
*Known IOC Hunting | *Known IOC Hunting | ||
| − | *Hypothesis Method | + | *Hypothesis Method[https://resources.infosecinstitute.com/category/enterprise/threat-hunting/threat-hunting-process/threat-hunting-methodologies/][https://www.sans.org/reading-room/whitepapers/threats/generating-hypotheses-successful-threat-hunting-37172] |
*Exploratory Data Science[https://towardsdatascience.com/data-science-for-startups-exploratory-data-analysis-70ac1815ddec][https://www.coursera.org/learn/exploratory-data-analysis][https://towardsdatascience.com/exploratory-data-analysis-8fc1cb20fd15][https://medium.com/@InDataLabs/why-start-a-data-science-project-with-exploratory-data-analysis-f90c0efcbe49] | *Exploratory Data Science[https://towardsdatascience.com/data-science-for-startups-exploratory-data-analysis-70ac1815ddec][https://www.coursera.org/learn/exploratory-data-analysis][https://towardsdatascience.com/exploratory-data-analysis-8fc1cb20fd15][https://medium.com/@InDataLabs/why-start-a-data-science-project-with-exploratory-data-analysis-f90c0efcbe49] | ||
Revision as of 03:38, 29 October 2018
This section is under development
Contents
Objective
The objective of Threat Hunting[1] is a proactive search of systems for adversaries and compromise. Whereas Continuous Monitoring is a reactive service, Threat Hunting strives to actively search logs, controls, countermeasures and activity to identify signs of compromise before they are detected.
Hunting activity feeds several other services including Content Engineering, Continuous Monitoring, Log Management and Compliance and Risk Management.
Hunting also receives inputs from Threat Intelligence, Enterprise Intelligence and Risk Management.
Process
Tooling
- SIEM, log management or other log collection and analysis tools
- Data analytics tools
