Chapter 4. A Dictionary of Threat Hunting Techniques
This chapter provides short summaries of various techniques for threat hunting data analysis. It is structured as follows: “Core Concepts” covers basic concepts that recur throughout the chapter; “Basic Techniques” is an overview of basic techniques—primarily searching and counting; “Situational Awareness of Your Network: Mapping, Blindspots, Endpoint Detection” focuses on techniques for developing situational awareness of your own network; “Techniques for Discovering Indicators” covers techniques used to identify anomalous behavior; “Data Analysis and Aggregation Techniques” covers techniques for manipulating and aggregating data; and finally, “Visualization Techniques” discusses visualization and summarization techniques.
For the sake of brevity, each section begins with a breakdown of the techniques covered and their common features. Each section then gives a short summary of each technique; the summary describes the technique, provides an example where possible, and offers recommendations for tools and further reading on the topic.
Core Concepts
The following three concepts should help you in the process of running and communicating hunts: the Cyber Kill Chain is a model of how attacks take place, the concept of ranking versus detection provides guidance for how to move away from binary classification towards finding weirdness, and the use of finite cases helps avoid analysis paralysis. ...
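The difference between detection and ranking is easiest to see on data. The following is an added example written for this page, not code from the book: over a constructed set of DNS query records it runs a binary detector (a blocklist lookup, which only ever answers yes or no) beside a ranking that scores every domain the fleet queried and returns the weirdest N for review, which is also how a finite case bounds the hunt. The log format, the blocklist, and the scoring formula (rarity across hosts times the entropy of the leftmost label) are assumptions chosen for illustration, not a calibrated model.

```python
"""Ranking versus binary detection over constructed DNS query records.

Added example, not from the book. A detector answers "is this domain bad?"
with a rule and is silent about everything the rule does not cover. A ranking
scores every domain and returns the top N for an analyst to review.
"""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed records in an assumed format: "timestamp src_host query_name".
SAMPLE_LOG = """\
2024-01-01T00:00:01 host01 www.example.com
2024-01-01T00:00:02 host02 www.example.com
2024-01-01T00:00:03 host03 www.example.com
2024-01-01T00:00:04 host04 www.example.com
2024-01-01T00:00:05 host05 www.example.com
2024-01-01T00:01:00 host01 cdn.example.net
2024-01-01T00:01:01 host02 cdn.example.net
2024-01-01T00:01:02 host03 cdn.example.net
2024-01-01T00:01:03 host04 cdn.example.net
2024-01-01T00:02:00 host01 updates.vendor.example
2024-01-01T00:02:01 host02 updates.vendor.example
2024-01-01T00:02:02 host05 updates.vendor.example
2024-01-01T00:03:00 host02 login.example.org
2024-01-01T00:04:00 host03 q7xk2p9mz4.example.net
2024-01-01T00:04:30 host03 q7xk2p9mz4.example.net
2024-01-01T00:05:00 host04 badsite.example
"""

# The blocklist is the binary detector's entire notion of "bad" (assumed).
BLOCKLIST = {"badsite.example"}


@dataclass
class DomainScore:
    domain: str
    distinct_hosts: int
    queries: int
    score: float


def parse_log(text):
    """Return (timestamp, host, domain) tuples, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, domain = line.split()
        records.append((ts, host, domain.lower().rstrip(".")))
    return records


def shannon_entropy(label):
    """Bits per character of a label; random-looking labels score higher."""
    if not label:
        return 0.0
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def binary_detect(records, blocklist=BLOCKLIST):
    """Detection: a yes/no verdict per domain; anything off the list is silent."""
    return {domain for _, _, domain in records if domain in blocklist}


def rank_domains(records, top_n=3):
    """Ranking: score every domain and return the top_n weirdest (a finite case).

    score = rarity * (1 + entropy of the leftmost label), where rarity is the
    fraction of the fleet that never queried the domain. Assumed weights.
    """
    hosts_by_domain = defaultdict(set)
    queries = Counter()
    for _, host, domain in records:
        hosts_by_domain[domain].add(host)
        queries[domain] += 1
    fleet_size = len({host for _, host, _ in records})
    scored = []
    for domain, hosts in hosts_by_domain.items():
        rarity = 1.0 - len(hosts) / fleet_size
        weirdness = 1.0 + shannon_entropy(domain.split(".")[0])
        scored.append(DomainScore(domain, len(hosts), queries[domain],
                                  rarity * weirdness))
    # Highest score first; the domain name breaks ties for deterministic output.
    scored.sort(key=lambda s: (-s.score, s.domain))
    return scored[:top_n]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("binary detection fired on:", sorted(binary_detect(recs)))
    for s in rank_domains(recs):
        print(f"{s.score:5.2f}  hosts={s.distinct_hosts}  "
              f"queries={s.queries}  {s.domain}")
```

On this sample the blocklist fires on exactly one domain, while the ranking places the single-host, high-entropy name `q7xk2p9mz4.example.net` above it and puts the fleet-wide `www.example.com` last; nothing in the ranked output is an alert, it is an ordered worklist whose length the hunter chose up front.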