Chapter 10: Importance of Documenting and Automating the Process
So far, we have learned what threat intelligence and threat hunting are, how to get started with atomic hunts, and how to use intelligence-driven hypotheses, map them to log events, and hunt for the adversary. One last piece of the puzzle remains: documenting and automating to update the hunting process.
In this chapter, we're going to cover the following main topics:
- The importance of documentation
- Updating the hunting process
- The importance of automation
The importance of documentation
Often disliked and disregarded, documentation is actually the key to the kingdom in any technical team. In a threat hunting team, and probably ...
Get Practical Threat Intelligence and Data-Driven Threat Hunting now with the O’Reilly learning platform.