26. Threat Hunting
Threat hunting is the proactive search for attackers who have evaded automated detection. This mind map covers the methodology, data sources, and tools used by expert hunters.
Topics Covered
- Threat hunting maturity model
- Hypothesis-based hunting
- TTP-based hunting via MITRE ATT&CK
- EDR telemetry and log sources
- SIEM queries: SPL, KQL, Elastic DSL
- Sigma rules for portable detections
- Living-off-the-land (LOLBin) hunting
- Intel-driven hunting
- Converting findings to detections
