Threat Hunting
by Michael Collins
Table of Contents
An Introduction to Threat Hunting
1. Threat Hunting and Its Goals
What Threat Hunting Is
Why Threat Hunting Matters
Who Threat Hunting Is For: The SOCs
The Threat Hunting Process as a Research Process
Conclusions
2. Should You Hunt?
Data Requirements
When You’re Not Ready: Data
Operational Requirements
When You’re Not Ready: Operations
Personnel Requirements
When You’re Not Ready: Personnel
Conclusions
3. A Hunting Process
Long-Term Preparation
Triggers
Starting the Hunt
The Hunt Itself
Ending the Hunt
Output from the Hunt
4. A Dictionary of Threat Hunting Techniques
Core Concepts
The Cyber Kill Chain
Ranking Versus Detection
Finite Cases
Basic Techniques
Searching and Cross-Source Correlation
Lookup
Stack Counting
Histograms and Barplots
Watchlist Refinement: Indicators and Signatures
Indicator Webwalk
Techniques for Discovering Indicators
Configuration Tracking and Baselining
Honey
Situational Awareness of Your Network: Mapping, Blindspots, Endpoint Detection
Identifying Weird Port Behavior
Producer/Consumer Ratio and Services
Know Your Calendar
Watch Invocation Sequences
Be Aware of Physical Locations
Data Analysis and Aggregation Techniques
Approximate String Matching
LRU Cache Depth Analysis
Leaky Buckets
Machine Learning
Visualization Techniques
Trellising and Sparklines
Radial Plots
Heat Mapping and Space Filling Curves
Conclusions
5. References and Further Reading
Thinking and Reasoning About Hunting
Threat Hunting Techniques