5 Threat Hunting Tips from a Seasoned Hunt Team

Threat Hunting Tips #1 — Know what is normal for your environment; then you’ll be able to spot the abnormal more easily.

Threat Hunting Tips #2 — When building a hunt, start general and work your way to specific based on your hypothesis. Doing this creates context and an understanding of what you are looking at in your environment.

Threat Hunting Tips #3 — It is sometimes better to hunt on things you understand and know and then pivot, rather than hunting on things outside your expertise and trying to pivot to something you know.

Threat Hunting Tips #4 — Not every hypothesis will be successful, and sometimes one will fail. Don’t be discouraged; go back and test again!

And finally… #5 — Knowing your toolset and its data capabilities is just as important as executing your hunt. False negatives lurk around every corner if you aren’t validating that the expected data even exists in your tools.
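Tips #1 and #5 in code, as an added example that is not part of the original post: before an empty hunt result is trusted, it checks that the telemetry the hypothesis depends on actually exists for every host in scope, and it derives "normal" from fleet-wide prevalence rather than from a single host. The event records, host names and field names are constructed for the example.

```python
from collections import Counter

# Constructed telemetry export, not real data: process-creation records as an
# EDR or SIEM might return them. srv-02 ships no CommandLine field and ws-03
# ships no ProcessCreate events at all, collection gaps that would silently
# turn a real hit into a false negative (tip #5).
EVENTS = [
    {"host": "ws-01", "source": "ProcessCreate", "Image": "explorer.exe", "CommandLine": "explorer.exe"},
    {"host": "ws-01", "source": "ProcessCreate", "Image": "svchost.exe", "CommandLine": "svchost.exe"},
    {"host": "ws-02", "source": "ProcessCreate", "Image": "explorer.exe", "CommandLine": "explorer.exe"},
    {"host": "ws-02", "source": "ProcessCreate", "Image": "teams.exe", "CommandLine": "teams.exe"},
    {"host": "srv-02", "source": "ProcessCreate", "Image": "svchost.exe"},
    {"host": "ws-03", "source": "NetworkConnect", "dest": "10.0.0.5"},
]
IN_SCOPE = ["ws-01", "ws-02", "ws-03", "srv-02"]  # constructed asset list

def usable_events(events, source, required_fields):
    """Per host, count events of `source` that carry every field the hunt query reads."""
    counts = Counter()
    for ev in events:
        if ev.get("source") == source and all(f in ev for f in required_fields):
            counts[ev["host"]] += 1
    return counts

def blind_spots(events, source, required_fields, hosts):
    """Hosts in scope with zero usable events. A hunt that returns nothing for
    these is inconclusive, not a clean result."""
    counts = usable_events(events, source, required_fields)
    return sorted(h for h in hosts if counts[h] == 0)

def hunt_rare_images(events, max_hosts=1):
    """Tip #1 in code: an image is 'normal' if it runs across many hosts. Flag
    images seen on at most `max_hosts` hosts as pivot points for the analyst."""
    seen_on = {}
    for ev in events:
        if ev.get("source") == "ProcessCreate" and "Image" in ev:
            seen_on.setdefault(ev["Image"], set()).add(ev["host"])
    return sorted(img for img, hosts in seen_on.items() if len(hosts) <= max_hosts)

def run_hunt(events, hosts):
    """Report findings together with coverage gaps, so 'nothing found' is never
    confused with 'nothing collected'."""
    gaps = blind_spots(events, "ProcessCreate", ["Image", "CommandLine"], hosts)
    return {"rare_images": hunt_rare_images(events),
            "coverage_gaps": gaps,
            "conclusive": not gaps}

if __name__ == "__main__":
    print(run_hunt(EVENTS, IN_SCOPE))
```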

Conclusion
