5 Golden Rules of Threat Hunting

Security Intelligence, IBM – Olga Hout
What Threat Hunting Is

Threat hunting is a proactive approach to identifying previously unknown or ongoing non-remediated threats within an organization's network. Threat hunting should be iterative and human-driven.

Effective threat hunting requires a specific skill set. A successful threat hunter must be good at hypothetical thinking and be able to speculate about source vectors and potential impact.

Additionally, pattern recognition and deductive reasoning are valuable skills for the job.

What Threat Hunting Is Not

Ctrl+F Indicator of Compromise (IOC) – Threat hunting isn't hitting a "Ctrl+F" IOC to locate threats.
Automated – Automation can certainly help once threats or datasets of interest are identified, but it isn't a starting point.
New Magic

Why Hunt Threats?

Effective threat hunting helps reduce the time from intrusion to discovery, minimizing the damage done by attackers. The longer the time lapse between system failure and response, the more damage the organization suffers during an attack.

The 5 Golden Rules of Threat Hunting

1) Collect logs from key areas.

2) Monitor network data.

3) Analyze endpoint behavioral data.

4) Practice situational awareness.

5) Leave preconceived notions at the door.
Link: https://securityintelligence.com/posts/5-golden-rules-threat-hunting-x-force/

