Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Hunting

Add To Chrome? - Part 4: Threat Hunting in 3-Dimensions: M-ATH in the Chrome Web Store

Welcome to the final installment in our “Add to Chrome?” research! In this post, we'll experiment with a method to find masquerading, or suspicious clusters of Chrome extensions using Model-Assisted Threat Hunting (M-ATH) with Splunk and the Data Science & Deep Learning (DSDL) App. M-ATH is a SURGe-developed method from the PEAK framework, which uses models or algorithms to help find threat-hunting leads, or to help make complex problems more approachable.

Hypothesis-Driven Cryptominer Hunting with PEAK

Hypothesis-driven hunting is probably the most well-known type of threat hunting, and it’s one of the three types defined in the PEAK threat hunting framework. In this article, we’ll walk through a sample hypothesis-driven hunt, step-by-step. For our data, we’ll be using the Boss of the SOC Version 3 (BOTSv3) dataset, which you can use to recreate the hunt and work through it on your own. Below is a diagram of the Hypothesis-Driven hunting process.

Identity Threat Hunting: How CrowdStrike Counter Adversary Operations Is Leading the Charge

It’s 10:30 p.m. and you’re heading to bed. Unfortunately, a threat actor has your organization in their crosshairs. While you’re brushing your teeth, they’re crafting a social engineering email to pilfer your employees’ credentials. While you’re putting on your pajamas, they’re finding a path to log in. While you’re asleep, is your organization protected?

The Evolution of Artificial Intelligence in Cyber Threat Hunting

The role of artificial intelligence (AI) has become increasingly prominent, particularly in the realm of cyber threat hunting. Cyber threats continue to evolve in complexity and sophistication, posing significant challenges to traditional cybersecurity measures. As a result, organizations are turning to AI-driven solutions to enhance their threat detection and response capabilities.

Parsing Domains with URL Toolbox (Just Like House Slytherin)

When hunting, advanced security Splunkers use apps. Specifically, three related apps from an incredibly generous man named Cedric Le Roux! (You can guess from the name that yes, he's French.) And frankly, you probably only know one: URL Toolbox. One of the most popular Splunk security apps of all time, URL Toolbox’s URL parsing capabilities have been leveraged by thousands who want to separate subdomain, domain, and top level domain (TLD) from a URL.

Using eval to Calculate, Appraise, Classify, Estimate & Threat Hunt

I hope you're all enjoying this series on Hunting with Splunk as much as we enjoy bringing it to you. This article discusses a foundational capability within Splunk — the eval command. If I had to pick a couple of Splunk commands that I would want to be stuck on a desert island with, the eval command is up there right next to stats and sort. (Part of our Threat Hunting with Splunk series, this article was originally written by John Stoner. We’ve updated it recently to maximize your value.)

Inside the Mind of a Cybersecurity Threat Hunter Part 1: Confronting Initial Access Techniques

At Corelight, we’re always striving to make the life of threat hunters and security analysts a little easier. It’s the reason we developed our Open NDR Platform that provides comprehensive, correlated network data and forensic evidence about everything happening on the network. If you’re familiar with Corelight, you probably already know that.

Using RegEx for Threat Hunting (It's Not Gibberish, We Promise!)

Known as RegEx (or gibberish for the uninitiated), Regular Expressions is a compact language that allows security analysts to define a pattern in text. When working with ASCII data and trying to find something buried in a log, regex is invaluable. But writing regular expressions can be hard. There are lots of resources to assist you: “But stop,” you say, “Splunk uses fields! Why should I spend time learning Regular Expressions?”

How are IT leaders and their MSPs approaching threat hunting?

Companies are increasingly aware of the importance of creating detection and hunting capacities that help to keep their business’s future from being put at risk. The popularity of threat-hunting services is a consequence of detecting ever more persistent attacks, which also last longer and longer. On top of this, cybercriminals also have ever more tactics to avoid traditional defense measures.

Creating a Threat Hunting Lab in Graylog

When I was looking to break into the cybersecurity industry, I found myself overwhelmed with the sheer amount of content to learn and try. So much of the content, you had to purchase certain things, or it was way too complicated for me to understand at the time. Today, I wanted to break down create an easy walk-through on how to set up a functional threat hunting lab.