Somebody asked me for best resources on THREAT HUNTING, and that reminded me that I wanted to write a linklist blog post on this very topic. Below are some of Anton’s favorite threat hunting links, in no particular order:
- Incident Response Hunting Tools (by @sroberts) has a whole bunch of tools.
- Incident Response is Dead…Long Live Incident Response (by @sroberts) contrasts hunting with IR.
- Hunting, and Knowing What To Hunt For (by Harlan Carvey) has some lateral wisdom.
- Cyber Hunting: 5 Tips To Bag Your Prey (by David Bianco) reminds us to PIVOT.
- A Simple Hunting Maturity Model (by David Bianco) [I think he also wrote this guide to hunting] has fun stuff on maturity.
- The Who, What, Where, When, Why and How of Effective Threat Hunting (by SANS) is a longer guide with more …ahem…basics. Not basic basics, mind you – more like advanced basics :–)
Please share your favorite threat hunting links and I will update the post.
P.S. Don’t believe the marketing hype! Effective threat hunting remains the domain of the well-resourced, super-security-mature, extra-skilled security 1%-ers… If you want an extra-cynical version, essentially ~5 people on the planet know how to do it well and can explain to others ….