Hunt Technique Catalog | Playbook | Database
In my first post I went over some threat hunting models . For the R&D hunts, I mentioned that it would require every hunt to be cataloged. Then I started to try to create the outcome document from an R&D Hunt to share it with everyone and ran into a terminology roadblock of my own making. I couldn't seem to make progress on outlining the expected outcome from R&D Hunts, at least not in a concise way that would be easy for my team and my leadership to comprehend. So, I decided to use writing a post to walk myself through the process and the terminology. Campaigns & Hunts Campaign Description: Two or more hunts with a common objective Outcome: A strategic product consolidating the findings from all hunts Hunt Description: 1 or more hunt techniques with a common objective Outcome: A report containing actionable findings Hunting Techniques Hunting Technique Description: A hypothesis applied to a specific domain,...