5 Tips for a Successful Threat Hunt

DZone – Medha Mehta
Search Tunneled Communications
The best place to start scanning for potential threats is command and control (C2) indications. Put extra effort into scanning for activity that tries to mimic standard traffic. Tunneled communications, where one network protocol carries another inside it, are a great place to start.

Data Scoping
Analyze the system's data logs, network logs, and more. Even the SIEM can serve as a great data pool for threat hunting. However, before sifting through this data, you should establish some parameters to scope it.

Attribute Identification
Looking for specific attributes (for example, the URLs used) helps a great deal in properly mitigating the threat, and those attributes will also come in handy for the rest of the security team, which can use them to build more sophisticated protections for the system or network.

Sort the Data
You can sort the data from smallest to largest and focus more on the larger files. You can also sort by HTTP method. Sorting can be done with visualization and other techniques as well.

Wide Pass of the Data
It's crucial to filter the data before investigating every byte in detail. Instead, take a look at everything, bookmark the items that raise suspicion, and take another look at them when you're finished with the initial pass.
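As an added worked example (not code from the DZone article), the Python below applies the sort-by-size, sort-by-HTTP-method, URL-attribute and first-pass bookmarking tips to a few constructed proxy log lines. The upload-size threshold and the treatment of CONNECT as a tunnel-capable method are illustrative assumptions, not rules from the article.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (not real traffic): timestamp client method url status bytes
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 GET http://intranet.example/home 200 5120
2024-01-01T10:00:07 10.0.0.5 POST http://updates.example/api/ping 200 312
2024-01-01T10:05:07 10.0.0.5 POST http://updates.example/api/ping 200 305
2024-01-01T10:10:07 10.0.0.5 POST http://updates.example/api/ping 200 9211876
2024-01-01T10:11:00 10.0.0.8 CONNECT https://mail.example/ 200 15000
"""

def parse(log_text):
    """Turn each log line into a dict; the URL's host is kept as its own attribute."""
    rows = []
    for line in log_text.splitlines():
        ts, client, method, url, status, size = line.split()
        rows.append({"ts": ts, "client": client, "method": method, "url": url,
                     "host": urlsplit(url).hostname, "status": int(status), "bytes": int(size)})
    return rows
def sort_by_size(rows):
    """Tip 'Sort the Data': largest transfers first, so they get attention early."""
    return sorted(rows, key=lambda r: r["bytes"], reverse=True)
def by_method(rows):
    """Tip 'Sort the Data': group requests by HTTP method."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["method"]].append(r)
    return dict(groups)
def url_attributes(rows):
    """Tip 'Attribute Identification': distinct URLs per host, ready to hand to the team."""
    attrs = defaultdict(set)
    for r in rows:
        attrs[r["host"]].add(r["url"])
    return {host: sorted(urls) for host, urls in attrs.items()}
def bookmark(rows, upload_threshold=1_000_000):
    """Tip 'Wide Pass': flag items for a second look instead of investigating each one now.
    Illustrative rules (assumptions): POST/PUT of upload_threshold bytes or more, or CONNECT."""
    marks = []
    for r in rows:
        reasons = []
        if r["method"] in ("POST", "PUT") and r["bytes"] >= upload_threshold:
            reasons.append("large upload")
        if r["method"] == "CONNECT":  # HTTP carrying another protocol inside it
            reasons.append("tunnel-capable method")
        if reasons:
            marks.append((r["ts"], r["client"], r["url"], reasons))
    return marks
```

Run `bookmark(parse(SAMPLE_LOG))` to get the second-pass list; the large POST to the host that otherwise only receives small pings and the CONNECT are the two items it marks.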
Link: https://dzone.com/articles/5-tips-for-a-successful-threat-hunt-1
