Somebody asked me for best resources on THREAT HUNTING, and that reminded me that I wanted to write a linklist blog post on this very topic. Below are some of Anton’s favorite threat hunting links, in no particular order:
- Incident Response Hunting Tools (by @sroberts) has a whole bunch of tools.
- Incident Response is Dead…Long Live Incident Response (by @sroberts) contrasts hunting with IR.
- Hunting, and Knowing What To Hunt For (by Harlan Carvey) has some lateral wisdom.
- Cyber Hunting: 5 Tips To Bag Your Prey (by David Bianco) reminds us to PIVOT.
- A Simple Hunting Maturity Model (by David Bianco) [I think he also wrote this guide to hunting] has fun stuff on maturity.
- The Who, What, Where, When, Why and How of Effective Threat Hunting (by SANS) is a longer guide with more …ahem…basics. Not basic basics, mind you – more like advanced basics :–)
Please share your favorite threat hunting links and I will update the post.
P.S. Don’t believe the marketing hype! Effective threat hunting remains the domain of the well-resourced, super-security-mature, extra-skilled security 1%-ers… If you want an extra-cynical version, essentially ~5 people on the planet know how to do it well and can explain to others ….