A THREAT HUNTING LOOP FOR STRUCTURED HUNTING

  • Threat Intelligence? Check.
  • Security Analysis? Check.
  • Incident Handling? Check.
  • Digital Forensics and Incident Response? Double Check.

Putting a New Spin on an Old(er) Threat Hunting Loop

Introducing The Threat Hunting Loop for Structured Hunting

Hypothesis

  • volumetric analysis,
  • frequency analysis, and
  • statistical analysis

Requirements

  • Certain ports or protocols are not recorded for netflow metadata,
  • Netflow data is only kept for 2 days across the organizations, or
  • A netflow sensor is improperly placed outside of a network segment.
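The Hypothesis stage names volumetric, frequency and statistical analysis, and the Requirements stage lists the netflow gaps that would break them. As an added example that is not code from the Cyborg Security post, the script below checks a hunt hypothesis against a sensor inventory for exactly those three gaps (excluded ports, short retention, sensor outside the segment) and then runs the three analyses over flow records. The sensor inventory, the hypothesis values and the flow records are all constructed for illustration.

```python
"""Requirements check plus hypothesis analyses over constructed netflow metadata."""
import ipaddress
import statistics
from collections import Counter, defaultdict

# Constructed sensor inventory, as a Requirements review would gather it
# from the network team: where each sensor sits, which destination ports it
# drops from its records, and how long records are retained (assumed values).
SENSORS = {
    "sensor-dmz": {"segment": "192.168.100.0/24", "excluded_ports": set(), "retention_days": 2},
    "sensor-core": {"segment": "10.20.0.0/16", "excluded_ports": {445, 3389}, "retention_days": 30},
}

# Constructed hypothesis: which segment, which ports and how much history the hunt needs.
HYPOTHESIS = {"segment": "10.20.0.0/16", "ports": {443, 445}, "lookback_days": 7}

# Constructed flow records: (sensor, src, dst, dst_port, bytes). Not real traffic.
FLOWS = [
    ("sensor-core", "10.20.1.10", "10.20.5.7", 443, 2100),
    ("sensor-core", "10.20.1.10", "10.20.5.7", 443, 1900),
    ("sensor-core", "10.20.1.11", "10.20.5.7", 443, 2300),
    ("sensor-core", "10.20.1.12", "10.20.5.7", 443, 2050),
    ("sensor-core", "10.20.1.13", "10.20.5.7", 443, 2200),
    ("sensor-core", "10.20.1.13", "10.20.9.9", 4444, 150),    # port seen once
    ("sensor-core", "10.20.1.14", "10.20.5.7", 443, 2000),
    ("sensor-core", "10.20.1.14", "10.20.5.7", 443, 1950),
    ("sensor-core", "10.20.1.20", "10.20.5.7", 443, 900000),  # far above the others
]


def check_requirements(hypothesis, sensors):
    """Return the unmet requirements for a hypothesis; an empty list means the hunt can proceed."""
    gaps = []
    target = ipaddress.ip_network(hypothesis["segment"])
    # A sensor only covers the hunt if the target segment lies inside its placement.
    covering = [name for name, s in sensors.items()
                if target.subnet_of(ipaddress.ip_network(s["segment"]))]
    if not covering:
        gaps.append(f"no sensor placed inside {hypothesis['segment']}")
    for name in covering:
        s = sensors[name]
        missing = hypothesis["ports"] & s["excluded_ports"]
        if missing:
            gaps.append(f"{name} does not record ports {sorted(missing)}")
        if s["retention_days"] < hypothesis["lookback_days"]:
            gaps.append(f"{name} keeps {s['retention_days']} days, hunt needs {hypothesis['lookback_days']}")
    return gaps


def rare_ports(flows, max_count=1):
    """Frequency analysis: destination ports seen at most max_count times."""
    counts = Counter(f[3] for f in flows)
    return {port: n for port, n in counts.items() if n <= max_count}


def volume_outliers(flows, factor=10):
    """Volumetric plus statistical analysis: sources whose total bytes exceed
    factor times the median per-source volume."""
    per_src = defaultdict(int)
    for _, src, _, _, nbytes in flows:
        per_src[src] += nbytes
    median = statistics.median(per_src.values())
    return {src: total for src, total in per_src.items() if total > factor * median}


if __name__ == "__main__":
    gaps = check_requirements(HYPOTHESIS, SENSORS)
    print("requirement gaps:", gaps or "none")
    print("rare destination ports:", rare_ports(FLOWS))
    print("volume outliers:", volume_outliers(FLOWS))
```

With the constructed inventory the requirements check reports that the core sensor drops port 445, so a hunt relying on SMB metadata cannot proceed until collection is fixed; the analyses themselves are plain counts and a median threshold so that a hunter can reason about why a record was flagged.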

Plan

  • the hypothesis — from the Hypothesis stage,
  • the technological and operations requirements — from the Requirements phase,
  • support from external teams that the hunters need,
  • what actions hunters will carry out during the hunt,
  • how hunters will confirm their findings,
  • agreed escalation paths for incidents discovered during the hunt,
  • points for improvement taken throughout the hunt, and
  • appropriate sign-offs for privacy and risk managers.

Hunt

Enrich

  • triage methodologies,
  • analysis techniques,
  • suggested remediations, and
  • false positives

Feedback

Closing the Threat Hunting Loop for Structured Hunting


Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.
