Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Hunting

Using the Lookup Command for Threat Hunting (Lookup Before You Go-Go)

A wise person once said that you should use the lookup command before you go threat hunting. Or, as I hear it in my head, “Look it up before you go-go…hunting”, a la WHAM!:   In this must-read tutorial for hunting in Splunk, we’re looking at the lookup command, including what it does and how and where to use it for threat hunting. Let’s get started! (This article is part of our Threat Hunting with Splunk series. We’ve updated it recently to maximize your value.)

Using Threat Hunting to Uncover Cybersecurity Threats

In the fast-evolving digital landscape, the prevalence of cyber threats has become a stark reality for businesses and individuals alike. The conventional cybersecurity measures, while essential, are often reactive and inadequate against sophisticated attacks. This is where Threat Hunting emerges as a proactive and dynamic approach to cybersecurity. In this blog, we delve into the fascinating world of Threat Hunting and explore its significance in safeguarding against cyber adversaries.

Turning Hunts Into Detections with PEAK

If you’ve been following our series on the PEAK threat hunting framework, you might already know that the purpose of threat hunting isn’t just to find security incidents your automated detection systems missed. Finding incidents is more like a helpful side effect. The real reason to hunt is to drive improvement to your security posture over time.

Splunk SOAR Playbook of the Month: Threat Hunting with Playbooks

As SOCs continue to grow and mature, it's vital that they establish effective and repeatable programs in proactive defense. This also means that threat hunting needs to become a critical function. Numerous advanced and sophisticated threats are able to get past more traditional cybersecurity defenses and SOCs need skilled Threat Hunters who are able to search, log, monitor, and remediate threats before they create a serious problem.

What is Cyber Threat Hunting?

Cyber threat hunting is a proactive security strategy that involves searching for threats within a network before they can cause significant damage. Unlike traditional methods, which are reactive and wait for an alert before taking action, threat hunting seeks to actively identify and mitigate hidden threats that have evaded initial security measures. Threat hunting involves constant monitoring and data analysis to spot suspicious behavior that may indicate a cyber attack.

Baseline Hunting with the PEAK Framework

Baselines are an essential part of effective cybersecurity. They provide a snapshot of normal activity within your network, which enables you to easily identify abnormal or suspicious behavior. Baseline hunting is a proactive approach to threat detection that involves setting up a baseline of normal activity, monitoring that baseline for deviations, and investigating any suspicious activity.

Peeping Through Windows (Logs): Using Sysmon & Event Codes for Threat Hunting

If you have been reading our hunting series, you may have noticed that many threat hunting techniques center on network-centric data sources. Thus far, we have yet to speak about the big kahuna in our hunting tool chest. We are rectifying that right here, right now: we are going to talk about Microsoft Sysmon! In this article, we’re looking at using Sysmon to hunt for threats in endpoints.We’ll highlight some of the most valuable places to start hunting in your Windows logs.

Are Your Threat Hunters Too Distracted?

Threat hunters are some of the most specialized and experienced workers in the SOC. They are incredibly valuable to the organization, but as the 2023 SANS Threat Hunting Survey finds, they’re continually being asked to multi-task and take on other duties. And that’s taking away from their primary job of hunting for threats. How can we change this status quo and help threat hunters (and the organizations they work for) be successful? That’s the million-dollar question.

What is the difference between incident response & threat hunting?

When it comes to protecting data in an evolving threat landscape, two common strategies are at the forefront: incident response and threat hunting. While both processes can safeguard an organization's data, their approaches, objectives, and execution differ significantly. Understanding the differences between the two strategies is critical for organizations aiming to.