Threat hunters are front-line defenders who proactively detect malicious or suspicious activity by investigating an organization's internal systems to identify advanced threat actors and their attack vectors.
Generally, threat hunting is carried out by multiple teams that constantly collaborate with each other to investigate and identify threat actors.
Principles of Threat Hunting
Proactivity: Proactively identifying threat actors before they trigger an alert
Finding: Finding attack signatures or threats that have already compromised the environment
Detecting: Hardening the detection techniques based on what the hunt uncovers
Working On Threat Hunting
Threat Hunting:
Creates a hypothesis and hunts the environment to confirm or rule out the suspected attack patterns.
Malware Analysis:
The malware analysis team analyzes malware samples to extract IOCs and behavioural patterns that feed the hunt.
SIEM Engineers:
The SIEM team creates and maintains detection rules so that the identified threat actors are flagged continuously, not just during a single hunt.
SOC Team:
The SOC team investigates the findings and determines the root cause of each threat in order to mitigate its risk.
Conclusion:
Threat hunting is hypothesis-based, proactive detection of malicious activity, in which multiple teams constantly collaborate with each other to investigate and identify threat actors.