Somebody asked me for best resources on THREAT HUNTING, and that reminded me that I wanted to write a linklist blog post on this very topic. Below are some of Anton’s favorite threat hunting links, in no particular order:
- Incident Response Hunting Tools (by @sroberts) has a whole bunch of tools.
- Incident Response is Dead…Long Live Incident Response (by @sroberts) contrasts hunting with IR.
- Hunting, and Knowing What To Hunt For (by Harlan Carvey) has some lateral wisdom.
- Cyber Hunting: 5 Tips To Bag Your Prey (by David Bianco) reminds us to PIVOT.
- A Simple Hunting Maturity Model (by David Bianco) [I think he also wrote this guide to hunting] has fun stuff on maturity.
- The Who, What, Where, When, Why and How of Effective Threat Hunting (by SANS) is a longer guide with more …ahem… basics. Not basic basics, mind you – more like advanced basics :–)
Please share your favorite threat hunting links and I will update the post.
P.S. Don’t believe the marketing hype! Effective threat hunting remains the domain of the well-resourced, super-security-mature, extra-skilled security 1%-ers… If you want an extra-cynical version: essentially ~5 people on the planet know how to do it well and can explain it to others…