Update README.md
mthcht authored Dec 14, 2024
1 parent 218d8a5 commit 4fbe85c
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion README.md
@@ -30,7 +30,10 @@

Threat hunting is a proactive and iterative approach to detecting malicious activities within an organization's network or systems that may have bypassed automated security measures. Unlike reactive investigations triggered by security alerts, threat hunting is driven by threat intelligence (TI)-driven checks and hypotheses derived from systematic and opportunistic analysis. These hypotheses help hunters uncover unknown threats, potential threats, or known threats that may have evaded security detections, as well as vulnerabilities or indicators of compromise (IoCs) that automated systems might miss or exclude. The process also focuses on identifying precursors to alerts/dashboards and improving SOC/triage workflows while also contributing to shadow asset inventory management and escalates low/mid-fidelity events that require further investigation. The primary goal is to identify the tactics, techniques, and procedures (TTPs) used by threat actors, enhancing the organization’s ability to preemptively detect and mitigate potential attacks.

#### Threat Hunting Lifecycle in SOC Operations
### Bridging Threat Hunting With Core Services
![image](https://github.com/user-attachments/assets/4542aac6-3e0d-4942-b74b-65dddf5e37c8)

### Threat Hunting Lifecycle in SOC Operations
My process suggestion to organizing partially automated threat hunting sessions to maintain high-quality detection rules within a SOC

![image](https://github.com/user-attachments/assets/3ccc49cf-993f-4bc1-9af2-4d3944deadbd)
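Review bot: the added "Bridging Threat Hunting With Core Services" section is a heading followed only by an image, so readers without image rendering (and screen readers) get nothing from it; add one or two sentences under the heading saying what the diagram shows, i.e. which core services the hunting process feeds (the paragraph above already names detection rules, SOC/triage workflows and shadow asset inventory, so tie the figure to those), and replace the bare alt text `image` in both `![image](...)` lines with a descriptive alt. Two smaller points: the deleted heading was `####` while the two new ones are `###`, so confirm the level matches the README's neighbouring section headings, and the caption "My process suggestion to organizing partially automated threat hunting sessions" reads better as "My suggested process for organizing partially automated threat hunting sessions".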
