Somebody asked me for best resources on THREAT HUNTING, and that reminded me that I wanted to write a linklist blog post on this very topic. Below are some of Anton’s favorite threat hunting links, in no particular order:
- Incident Response Hunting Tools (by @sroberts) has a whole bunch of tools.
- Incident Response is Dead…Long Live Incident Response (by @sroberts) contrasts hunting with IR.
- Hunting, and Knowing What To Hunt For (by Harlan Carvey) has some lateral wisdom.
- Cyber Hunting: 5 Tips To Bag Your Prey (by David Bianco) reminds us to PIVOT.
- A Simple Hunting Maturity Model (by David Bianco) [I think he also wrote this guide to hunting] has fun stuff on maturity.
- The Who, What, Where, When, Why and How of Effective Threat Hunting (by SANS) is a longer guide with more …ahem…basics. Not basic basics, mind you – more like advanced basics :–)
Please share your favorite threat hunting links and I will update the post.
P.S. Don’t believe the marketing hype! Effective threat hunting remains the domain of the well-resourced, super-security-mature, extra-skilled security 1%-ers… If you want an extra-cynical version, essentially ~5 people on the planet know how to do it well and can explain to others ….
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.