Chapter 3: Where Does the Data Come From?
To carry out effective threat hunts, you need to be clear on some basic concepts. The main sources of data for threat hunting are system logs and network logs. In this chapter, we are going to cover operating system basics, networking basics, and the main data sources that a threat hunting platform draws on.
In this chapter, we will cover the following topics:
- Understanding the data that's been collected
- Windows-native tools
- Data sources
Let's get started!
Technical requirements
You will need a computer with the Windows operating system installed to follow this chapter's material.
Understanding the data that's been collected
Threat hunting involves dealing with event logs ...
Get Practical Threat Intelligence and Data-Driven Threat Hunting now with the O’Reilly learning platform.