Abstract
Threat hunting is the process of taking indicators of malicious activity, developing a hypothesis of how that malicious activity might be occurring in the environment, and hunting for it. Threat hunting, like machine learning, may just seem like a new buzzword in the information security space, but it does have its place in security operations. Threat hunting is proactively looking for indicators of compromise present in artifacts. Many times, new indicators are uncovered during investigations or by research conducted by information security practitioners and shared through groups or news feeds. Ideally a process exists to incorporate new indicators into the monitoring and detection capabilities. For some indicators, it is important to review historical logs and data for existence of these indicators.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
Reproduced by permission of David J. Bianco; https://t.co/6OQLetonoN?amp=1
- 5.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2020 Eric C. Thompson
About this chapter
Cite this chapter
Thompson, E.C. (2020). Threat Hunting. In: Designing a HIPAA-Compliant Security Operations Center. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5608-4_7
Download citation
DOI: https://doi.org/10.1007/978-1-4842-5608-4_7
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-5607-7
Online ISBN: 978-1-4842-5608-4
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books