Module 1: Threat Hunting Concepts and Practices

Threat Hunting for Enterprises

Threat Hunting Overview

Nothing important, hands-on-wise.

Threat Hunting Within an Organization

The levels of the Threat Hunting Maturity Model (HMM):

• Initial Level 0: Relies primarily on automated alerts. No regular data collection.

• Minimal Level 1: Uses threat intelligence. Medium to high level of data collection.

• Procedural Level 2: Uses procedural analysis. High level of data collection.

• Innovative Level 3: Creates new procedural analysis. High level of data collection.

• Leading Level 4: Automates most of their analysis procedures. High level of data collection.

Third-Party Threat Hunting Services

Nothing to add. Just talking about the benefits of a third-party vs. internal team.

Threat Hunting Management

The three general stages of threat hunting:

1. Deciding on a trigger or hypothesis

2. Investigation

3. Resolution

Threat Hunting Methodology and Investigation Types

Structured Threat Hunting

Nothing to add. Referencing the MITRE ATT&CK matrix.

Unstructured Threat Hunting

Not much to add. The difference is these are based off from IoCs rather than TTPs.

Situational/Entity-Driven Threat Hunting

Specific to threats and risks faced by an organization's environment.