Chapter 12: Understanding the Output

In the previous chapter, we covered the importance of having a good data management process established and discussed the impact that not having one would have on our hunts. In this chapter, we are going to cover what to do with data when running our queries outside of our lab environment and what things to consider in order to refine our queries.

In this chapter, we're going to cover the following main topics:

Understanding the hunt results
The importance of choosing good analytics
Testing yourself

Understanding the hunt results

All the exercises done so far have had an inherent unfairness to their nature: they were all made in a lab environment. The differences between hunting in a lab environment versus ...

Get Practical Threat Intelligence and Data-Driven Threat Hunting now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

Chapter 12: Understanding the Output

Understanding the hunt results

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly