Threat hunters are front-line defenders who proactively detect malicious or suspicious activity by investigating an organization's internal systems to identify advanced threat actors and the attack vectors they use.
Generally, threat hunting is a joint effort of multiple teams constantly collaborating with each other to investigate and identify threat actors.
Principles of Threat Hunting
Proactivity: Proactively identifying threat actors before an alert fires.
Finding: Finding the attack signatures or threats that have already compromised the environment.
Detecting: Hardening the detection techniques so the same activity is caught automatically next time.
Working on Threat Hunting
Threat Hunting:
Create a hypothesis about how an attacker would operate, then hunt the telemetry to confirm or refute it and determine the attack patterns.
Malware Analysis:
The malware analysis team analyzes malware samples to extract IOCs and behavioral patterns that the hunters can search for.
SIEM Engineers:
The SIEM team creates and tunes detection rules so that the identified threat actor behavior is continuously detected.
SOC Team:
The SOC team investigates the resulting alerts and findings, determines the root cause of the threats, and mitigates their risk.
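The steps above (a hypothesis from the hunters, IOCs from malware analysis, a rule the SIEM team can adopt, findings for the SOC to investigate) can be shown end to end in code. The following is an added example written for this page, not code from the original post. It assumes process-creation telemetry in JSON-lines form, and every log line and IOC hash in it is constructed for illustration. The hypothesis being tested is "an Office application should not spawn a command interpreter or script host"; a second check matches image hashes against the constructed IOC list.

```python
"""Hypothesis-driven hunt over constructed process-creation events.

Hypothesis: a malicious document causes an Office application to spawn a
command interpreter or script host. The IOC list and the log lines below are
constructed for this example and are not real indicators or real telemetry.
"""
import json
from dataclasses import dataclass

# Constructed IOC hashes, standing in for what a malware analysis team hands
# to the hunters after analysing samples.
CONSTRUCTED_IOC_HASHES = {"constructed-hash-known-bad"}

# Behavioural rule: Office parent -> script host / shell child. A SIEM
# engineer would express the same condition as a correlation rule.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed JSON-lines process-creation events; one line is deliberately
# malformed to show how unparseable telemetry is surfaced, not dropped.
SAMPLE_LOG = """
{"ts":"2024-01-01T10:00:01Z","host":"ws01","parent":"explorer.exe","image":"winword.exe","sha256":"constructed-hash-winword","cmdline":"winword.exe report.docx"}
{"ts":"2024-01-01T10:00:07Z","host":"ws01","parent":"winword.exe","image":"powershell.exe","sha256":"constructed-hash-powershell","cmdline":"powershell.exe -NoProfile -File update.ps1"}
{"ts":"2024-01-01T10:01:00Z","host":"ws02","parent":"explorer.exe","image":"cmd.exe","sha256":"constructed-hash-cmd","cmdline":"cmd.exe"}
{"ts":"2024-01-01T10:02:00Z","host":"ws03","parent":"outlook.exe","image":"chrome.exe","sha256":"constructed-hash-chrome","cmdline":"chrome.exe https://example.com"}
{"ts":"2024-01-01T10:03:00Z","host":"ws04","parent":"services.exe","image":"svchost.exe","sha256":"constructed-hash-known-bad","cmdline":"svchost.exe -k netsvcs"}
this line is not valid json
{"ts":"2024-01-01T10:04:00Z","host":"ws05","parent":"excel.exe","image":"cmd.exe","sha256":"constructed-hash-cmd","cmdline":"cmd.exe /c whoami"}
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    rule: str
    evidence: str


def parse_events(log_text):
    """Return (events, unparsed_lines); malformed lines are kept for review."""
    events, unparsed = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            unparsed.append(line)
    return events, unparsed


def check_office_child(event):
    """Hypothesis check: Office application spawning a shell or script host."""
    parent = event.get("parent", "").lower()
    image = event.get("image", "").lower()
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        evidence = f"{parent} -> {image}: {event.get('cmdline', '')}"
        return Finding(event["ts"], event["host"], "office-spawns-script-host", evidence)
    return None


def check_ioc_hash(event, iocs):
    """IOC check: image hash matches a hash supplied by malware analysis."""
    if event.get("sha256") in iocs:
        evidence = f"{event.get('image', '')} sha256={event['sha256']}"
        return Finding(event["ts"], event["host"], "known-bad-image-hash", evidence)
    return None


def hunt(log_text, iocs=CONSTRUCTED_IOC_HASHES):
    """Run every check over every event; return the findings for the SOC."""
    events, unparsed = parse_events(log_text)
    findings = []
    for event in events:
        for finding in (check_office_child(event), check_ioc_hash(event, iocs)):
            if finding is not None:
                findings.append(finding)
    # Unparseable telemetry is itself a hunting lead (broken collector, tampering).
    for line in unparsed:
        findings.append(Finding("", "", "unparseable-event", line[:80]))
    return findings


def summarize(findings):
    """Count findings per rule; useful for deciding which rule to promote to the SIEM."""
    counts = {}
    for finding in findings:
        counts[finding.rule] = counts.get(finding.rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = hunt(SAMPLE_LOG)
    for finding in results:
        print(f"{finding.ts} {finding.host} [{finding.rule}] {finding.evidence}")
    print(summarize(results))
```

The two checks map onto the roles in the post: the behavioral check is the hunter's hypothesis, the hash check consumes malware analysis output, each `Finding` is what the SOC investigates, and a rule whose count in `summarize` stays useful over time is the one the SIEM team hardens into a permanent detection.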
Conclusion:
Threat Hunting is the hypothesis-based, proactive detection of malicious activity, in which multiple teams constantly collaborate with each other to investigate and identify threat actors.