Threat Hunting — Cybersecurity Mind Map
26. Threat Hunting
Threat hunting is the proactive search for adversaries who have already bypassed automated detection. This mind map covers the methodology, data sources, and tools that experienced hunters rely on.
Topics Covered
- Threat hunting maturity model
- Hypothesis-based hunting
- TTP-based hunting via MITRE ATT&CK
- EDR telemetry and log sources
- SIEM queries: SPL, KQL, Elastic DSL
- Sigma rules for portable detections
- Living-off-the-land (LOLBin) hunting
- Intel-driven hunting
- Converting findings to detections
