Generating Hypotheses for Successful Threat Hunting
Threat hunting is a proactive and iterative approach to detecting threats. Although threat hunters should rely heavily on automation and machine assistance, the process itself cannot be fully automated. One of the human's key contributions to a hunt is the formulation of a hypothesis to guide the hunt. This paper explores three types of hypotheses and outlines how and when to formulate each of them.
37172 (PDF, 2.65MB)
15 Aug 2016