Update Threat-Hunting.md
TonyPhipps authored Apr 16, 2024
1 parent 7e5be6b commit ecf43b5
Showing 1 changed file with 16 additions and 2 deletions.
18 changes: 16 additions & 2 deletions Threat-Hunting.md
Expand Up @@ -26,13 +26,27 @@ Threat hunting should focus on events outside the traditional detection capabili
- Ratios (e.g. request/response, upload/download, success/failure)
- Standard deviation


# Frameworks
- MITRE ATT&CK
- Targeted Hunting integrating Threat Intelligence (TaHiTI)


# Hypotheses
# Hypotheses-Based
Planning Phase
- Gather intelligence
- Develop a hypothesis
- Determine data sources

Execution Phase
- Query data sources
- Follow breadcrumbs
- Test hypothesis

Reporting Phase
- Distill findings
- Create detections
- Improve process

Focusing on hypothesis that are unlikely to boil down into a signature to automate.

General Examples:
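Review bot: the two stacked top-level headings at the start of this hunk, `# Hypotheses` followed directly by `# Hypotheses-Based`, leave the first section empty; the second reads as a subsection of the first, so it should become `## Hypothesis-Based` (keeping `# Frameworks` and `# Hypotheses` as the top-level style already used in the file), and the phase labels `Planning Phase`, `Execution Phase` and `Reporting Phase` would then be clearer as `###` headings or bold list labels rather than bare lines above each bullet list. The closing sentence also needs a grammar fix and a subject: "Focusing on hypothesis that are unlikely to boil down into a signature to automate." should read "Focus on hypotheses that are unlikely to boil down into a signature to automate." Since the Reporting Phase bullet "Create detections" sits just above that sentence, one clause distinguishing the two would help: hunts that do produce a signature should still feed detection engineering, while hunt time itself is prioritised for behaviour that cannot be automated.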