Practical Threat Intelligence and Data-Driven Threat Hunting

Author: Valentina Costa-Gazcon
Publisher: Packt Publishing
Target Audience: SOC Analysts, Threat Hunters, Incident Responders, Security Engineers

Practical Threat Intelligence and Data-Driven Threat Hunting serves as a bridge between theoretical cybersecurity concepts and the gritty, technical reality of modern defense. In an era where adversaries constantly evolve their tactics, techniques, and procedures (TTPs), relying solely on static defenses is insufficient. This book provides a hands-on guide to building a threat intelligence program that is not just a feed of data, but a proactive engine for hunting threats within an organization's infrastructure.

The goal of the hunt is to find attackers who have already breached the perimeter before they execute their final objective.

The hunt model (popularized by Sqrrl, now part of AWS) involves:

When searching for high-quality educational material, ensure the resource covers the following telemetry:
- Endpoint Logs: process executions, registry changes.
- Network Logs: DNS queries, SSL certificates, flow data.

Developing an Intelligence-Driven Threat Hunting Methodology (Gigamon): This white paper from Gigamon
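To show how two of the telemetry sources named above (process executions and DNS queries) are used together in a data-driven hunt for an attacker who is already inside, here is an added example. It is not code from the book, from the author, or from the Gigamon paper. The events, host names and domains are constructed for illustration, the field names (host, pid, image, parent, query) are an assumed normalized schema rather than any vendor's format, and the OFFICE_APPS and SCRIPT_HOSTS sets are hunt parameters chosen for the hypothesis, not an authoritative list. The hypothesis is that a script host spawned by an Office application and resolving a domain no other host in the fleet has resolved is staging for its final objective; the rare-domain step is ordinary stacking (least-frequency analysis) across hosts.

```python
"""Hypothesis-driven hunt over constructed endpoint and DNS telemetry.

Added example, not from the book or the page. Joins process-execution events
to DNS-query events by (host, pid), stacks domain prevalence across the fleet,
and surfaces Office -> script-host chains that resolved a rare domain.
All records below are constructed sample data.
"""
from collections import Counter, defaultdict

# Constructed process-execution events (one per process start). Schema is assumed.
PROCESS_EVENTS = [
    {"host": "ws01", "pid": 4100, "image": "winword.exe", "parent": "explorer.exe"},
    {"host": "ws01", "pid": 4188, "image": "powershell.exe", "parent": "winword.exe"},
    {"host": "ws02", "pid": 3050, "image": "chrome.exe", "parent": "explorer.exe"},
    {"host": "ws02", "pid": 3090, "image": "powershell.exe", "parent": "explorer.exe"},
    {"host": "ws03", "pid": 2201, "image": "excel.exe", "parent": "explorer.exe"},
    {"host": "ws03", "pid": 2240, "image": "wscript.exe", "parent": "excel.exe"},
]

# Constructed DNS-query events, attributable to the querying process by (host, pid).
DNS_EVENTS = [
    {"host": "ws01", "pid": 4188, "query": "update.cdn-example.test"},
    {"host": "ws01", "pid": 4100, "query": "office.example.com"},
    {"host": "ws02", "pid": 3050, "query": "www.example.org"},
    {"host": "ws02", "pid": 3090, "query": "www.example.org"},
    {"host": "ws02", "pid": 3050, "query": "office.example.com"},
    {"host": "ws03", "pid": 2240, "query": "office.example.com"},
    {"host": "ws03", "pid": 2201, "query": "www.example.org"},
]

# Hunt parameters for this hypothesis (assumed, not a vendor list): Office
# parents and the script hosts they should rarely spawn in normal use.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def domain_prevalence(dns_events):
    """Stacking: number of distinct hosts that resolved each domain."""
    hosts_per_domain = defaultdict(set)
    for ev in dns_events:
        hosts_per_domain[ev["query"]].add(ev["host"])
    return Counter({domain: len(hosts) for domain, hosts in hosts_per_domain.items()})


def suspicious_lineage(process_events):
    """Index script hosts whose parent is an Office application by (host, pid)."""
    return {
        (ev["host"], ev["pid"]): ev
        for ev in process_events
        if ev["image"] in SCRIPT_HOSTS and ev["parent"] in OFFICE_APPS
    }


def hunt(process_events, dns_events, max_hosts=1):
    """Join DNS queries to suspicious processes and keep only rare domains.

    max_hosts is the prevalence threshold: a domain resolved by more hosts
    than this is treated as common fleet traffic and dropped. Returns one
    finding per (host, pid, domain), sorted for stable output.
    """
    prevalence = domain_prevalence(dns_events)
    lineage = suspicious_lineage(process_events)
    findings = []
    for ev in dns_events:
        proc = lineage.get((ev["host"], ev["pid"]))
        if proc is None or prevalence[ev["query"]] > max_hosts:
            continue
        findings.append({
            "host": ev["host"],
            "pid": ev["pid"],
            "chain": f'{proc["parent"]} -> {proc["image"]}',
            "domain": ev["query"],
            "hosts_seen": prevalence[ev["query"]],
        })
    return sorted(findings, key=lambda f: (f["host"], f["pid"], f["domain"]))


if __name__ == "__main__":
    for finding in hunt(PROCESS_EVENTS, DNS_EVENTS):
        print(finding)
```

On the constructed data the hunt returns a single finding: the winword.exe -> powershell.exe chain on ws01 resolving a domain seen nowhere else in the fleet, while the Excel-spawned wscript.exe on ws03 is dropped because the domain it resolved is common to every host. Raising max_hosts widens the net at the cost of more analyst review, which is the trade-off the threshold is there to make explicit.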