Threat Hunting is defined as hypothesis-based, proactive detection of malicious activity: we replicate or build an attack scenario and use it to determine the threat's patterns. The ultimate goal is to determine and investigate attack patterns such as indicators of compromise (IOC), indicators of attack (IOA), hashes of malicious executables, etc.
How the Threat Hunting Loop Works
Create hypotheses
Investigate via tools & techniques
Uncover new patterns and TTPs
Inform & Enrich analytics
Create Hypotheses
The initial stage of threat hunting is to reconstruct an attack scenario for investigation, with the aim of uncovering new patterns and TTPs.
Attack scenarios include ransomware, brute-force login attempts, privilege escalation, etc.
Investigate via tools & techniques
Investigate the replicated attack scenarios using various tools and techniques to prove or disprove the hypotheses.
Uncover new patterns and TTPs
A successful re-creation of the hypothesis and its investigation will uncover new patterns such as IOCs, IOAs, hashes of malicious executables, etc.
Inform & Enrich analytics
This helps us understand how the threat activity took place and what can be done to prevent such incidents from happening. This phase can improve the organization's incident security protocols and make its security strategy more robust and effective.
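The following is an added worked example of one pass through the loop above; it is not code from the original article. The hypothesis is "someone is brute-forcing SSH passwords on a host". The investigation runs a sliding-window count of failed logins per source address over sshd log lines, the uncovered pattern is the source address (IOC) plus the behaviour of a success following a burst of failures (IOA), and the enrichment step turns that into a reusable analytic. The log lines, hostnames and addresses are constructed sample data, and the threshold and window values are assumptions for illustration.

```python
"""One pass through the threat-hunting loop: hypothesis -> investigate ->
uncover patterns -> enrich analytics. Sample data is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style syslog lines (year is assumed, syslog omits it).
SAMPLE_LOG = """\
Mar 10 02:14:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51012 ssh2
Mar 10 02:14:03 host1 sshd[1202]: Failed password for admin from 203.0.113.7 port 51013 ssh2
Mar 10 02:14:05 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar 10 02:14:07 host1 sshd[1204]: Failed password for oracle from 203.0.113.7 port 51015 ssh2
Mar 10 02:14:09 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 51016 ssh2
Mar 10 02:14:12 host1 sshd[1206]: Accepted password for root from 203.0.113.7 port 51017 ssh2
Mar 10 02:20:00 host1 sshd[1300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 02:25:00 host1 sshd[1301]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse(log_text, year=2024):
    """Parse sshd auth lines into (timestamp, result, user, source) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd message, skip
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events

def hunt_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Investigate the hypothesis: >= threshold failures from one source
    inside the window. Returns a finding per source that trips the rule."""
    failures = defaultdict(deque)   # src -> recent (ts, user) failures
    findings = {}
    for ts, result, user, src in sorted(events):
        q = failures[src]
        if result == "Failed":
            q.append((ts, user))
            while q and ts - q[0][0] > window:   # drop events outside window
                q.popleft()
            if len(q) >= threshold and src not in findings:
                findings[src] = {
                    "failed": len(q),
                    "users": sorted({u for _, u in q}),  # password spraying?
                    "success_after": False,
                }
        elif result == "Accepted" and src in findings:
            # IOA: a successful login right after the burst is the
            # strongest signal and should be escalated, not just logged.
            findings[src]["success_after"] = True
    return findings

def enrich(findings, threshold=5, window=timedelta(minutes=1)):
    """Turn findings into an IOC list and a reusable analytic description."""
    iocs = sorted(findings)
    rule = {
        "name": "ssh_password_bruteforce",       # assumed rule name
        "logsource": "sshd",
        "condition": f"count(Failed password) by src >= {threshold} "
                     f"within {int(window.total_seconds())}s",
        "escalate_if": "Accepted login from the same src after the burst",
    }
    return iocs, rule

if __name__ == "__main__":
    found = hunt_bruteforce(parse(SAMPLE_LOG))
    iocs, rule = enrich(found)
    print("findings:", found)
    print("iocs:", iocs)
    print("analytic:", rule)
```

The single failure from 198.51.100.4 never reaches the threshold and is correctly left out, while 203.0.113.7 is reported with the three usernames it tried and the flag that its burst ended in an accepted login. The rule dict returned by `enrich` is the "inform and enrich analytics" output: the same threshold and window, written down so the detection can be scheduled in a SIEM rather than re-run by hand.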