Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Hunting

How are IT leaders and their MSPs approaching threat hunting?

Companies are increasingly aware of the importance of creating detection and hunting capacities that help to keep their business’s future from being put at risk. The popularity of threat-hunting services is a consequence of detecting ever more persistent attacks, which also last longer and longer. On top of this, cybercriminals also have ever more tactics to avoid traditional defense measures.

Creating a Threat Hunting Lab in Graylog

When I was looking to break into the cybersecurity industry, I found myself overwhelmed with the sheer amount of content to learn and try. So much of the content, you had to purchase certain things, or it was way too complicated for me to understand at the time. Today, I wanted to break down create an easy walk-through on how to set up a functional threat hunting lab.
Featured Post

Why Every Company Should Include Threat Intelligence in Their Cybersecurity Strategy

In the fast-evolving digital landscape, the prevalence of cyber threats has become a stark reality for businesses and individuals. While essential, conventional cybersecurity measures are often reactive and inadequate against sophisticated attacks. This is where Cyber Threat Intelligence (CTI) emerges as a proactive and complementary approach to cybersecurity. Utilising CTI helps organisations to protect their systems from potential hazards. It provides a way to cut through the noise and focus on threats relevant to that specific company and industry.

Next-Level Threat Hunting: Shift Your SIEM from Reactive to Proactive

Threat hunting is proactively identifying and thwarting unusual network activity that could indicate an attempted security breach. It’s a historically manual activity, making it time-intensive and arduous. It’s no wonder, then, why most organizations don’t have the time, budget, or resources to undertake it effectively…if at all.

Using metadata & tstats for Threat Hunting

So you want to hunt, eh? Well my young padwa…hold on. As a Splunk Jedi once told me, you have to first go slow to go fast. What do I mean by that? Well, if you rush into threat hunting and start slinging SPL indiscriminately, you risk creating gaps in your investigation. What gaps might those be? As a wise man once said, Know thy network. Actually — in this case — know your network and hosts.

Using stats, eventstats & streamstats for Threat Hunting...Stat!

If you have spent any time searching in Splunk, you have likely done at least one search using the stats command. I won’t belabor the point: stats is a crucial capability in the context of threat hunting — it would be a crime to not talk about it in this series. When focusing on data sets of interest, it's very easy to use the stats command to perform calculations on any of the returned field values to derive additional information.

Key Threat Hunting Deliverables with PEAK

When most people think of threat hunting, they think of uncovering unknown threats. Would you believe me if I told you that is only ONE of many (better) reasons to show value with threat hunting? The PEAK Threat Hunting Framework incorporates three distinct hunt types: hypothesis-driven, baseline and model-assisted threat hunts. Each hunt type follows a three-stage process: Prepare, Execute, and Act.

Amid Sharp Increase in Identity-Based Attacks, CrowdStrike Unveils New Threat Hunting Capability

Adversaries are doubling down on identity-based attacks. According to Nowhere to Hide: CrowdStrike 2023 Threat Hunting Report, we’ve seen an alarming 583% year-over-year increase in Kerberoasting attacks — a form of identity-based threat — and a 147% increase in access broker advertisements on the dark web. Adversaries are evolving their tradecraft, building custom tooling and leveraging more than usernames and passwords to breach your environments.

Why your security analytics needs proactive threat hunting

Even the mightiest, most prestigious companies and enterprises are not exempt from the advanced threats of cyber attackers. In the ever-evolving cybersecurity threat landscape, an organization's security team like yours needs robust security measures for network security, endpoint security, threat detection, anomaly detection, data protection, security monitoring, application security and information security.

Threat hunting with Sumo Logic: The Command Line

Consider the following scenario: you are asked by your leadership to find dedicated time for threat hunting activities within your network. After some time, access to the shiny new tool of choice is granted and you are super excited to get started. You log into the tool and are greeted with a lovely search bar; how do you proceed from here? The tool presenting the blank search bar is undoubtedly powerful and feature packed.