Module 1: Threat Hunting Concepts and Practices

Threat Hunting for Enterprises

Threat Hunting Overview

Nothing important, hands-on-wise.

Threat Hunting Within an Organization

The levels of the Threat Hunting Maturity Model (HMM):

  • Initial Level 0: Relies primarily on automated alerts. No regular data collection.

  • Minimal Level 1: Uses threat intelligence. Medium to high level of data collection.

  • Procedural Level 2: Uses procedural analysis. High level of data collection.

  • Innovative Level 3: Creates new procedural analysis. High level of data collection.

  • Leading Level 4: Automates most of its analysis procedures. High level of data collection.

Third-Party Threat Hunting Services

Nothing to add. Just talking about the benefits of a third-party service vs. an internal team.

Threat Hunting Management

The three general stages of threat hunting:

  1. Deciding on a trigger or hypothesis

  2. Investigation

  3. Resolution

Threat Hunting Methodology and Investigation Types

Structured Threat Hunting

Nothing to add. Referencing the MITRE ATT&CK matrix.

Unstructured Threat Hunting

Not much to add. The difference is that these are based on IoCs rather than TTPs.
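To make the structured vs. unstructured distinction concrete, here is an added example (my own, not from the course) that runs both kinds of hunt over the same constructed process-event log: the unstructured hunt starts from a list of known indicators, while the structured hunt starts from a behavioural hypothesis mapped to ATT&CK T1059 (Command and Scripting Interpreter). All hosts, hashes and IPs are made-up sample values.

```python
# Constructed sample telemetry (not real data): one process-creation event per dict.
EVENTS = [
    {"id": 1, "host": "ws01", "parent": "outlook.exe",  "proc": "winword.exe",
     "sha256": "aaaa", "dst_ip": "10.0.0.5"},
    {"id": 2, "host": "ws01", "parent": "winword.exe",  "proc": "powershell.exe",
     "sha256": "bbbb", "dst_ip": "203.0.113.9"},
    {"id": 3, "host": "ws02", "parent": "explorer.exe", "proc": "powershell.exe",
     "sha256": "bbbb", "dst_ip": "10.0.0.5"},
    {"id": 4, "host": "ws03", "parent": "excel.exe",    "proc": "cmd.exe",
     "sha256": "cccc", "dst_ip": "198.51.100.7"},
]

# Unstructured hunt: the trigger is an IoC feed (constructed values). Anything the
# adversary has changed since the feed was built (new binary, new server) is invisible.
IOC_HASHES = {"bbbb"}
IOC_IPS = {"203.0.113.9"}


def unstructured_hunt(events, hashes=IOC_HASHES, ips=IOC_IPS):
    """Return events whose file hash or destination IP is on the indicator list."""
    return [e for e in events if e["sha256"] in hashes or e["dst_ip"] in ips]


# Structured hunt: the trigger is a hypothesis about behaviour (a TTP), e.g.
# "an Office application spawns a command interpreter", which maps to ATT&CK T1059.
# It does not care which hash or IP is involved, so it survives infrastructure changes.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def structured_hunt(events):
    """Return events where an Office parent launched an interpreter child."""
    return [e for e in events if e["parent"] in OFFICE_APPS and e["proc"] in INTERPRETERS]


def hunt_ids(results):
    """Helper: reduce a result set to event ids for easy comparison."""
    return [e["id"] for e in results]


if __name__ == "__main__":
    # Each approach misses something the other catches: the IoC hunt flags event 3
    # (known hash, benign parent) but not event 4 (new hash and IP); the TTP hunt
    # flags event 4 but not event 3.
    print("unstructured (IoC):", hunt_ids(unstructured_hunt(EVENTS)))
    print("structured (TTP):  ", hunt_ids(structured_hunt(EVENTS)))
```

The hits from a structured hunt are candidates for the investigation stage, not confirmed incidents; the hypothesis is what gets refined when a hit turns out to be benign.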

Situational/Entity-Driven Threat Hunting

Specific to threats and risks faced by an organization's environment.
