Overview

Threat hunting is human-driven, iterative, and systematic. It effectively reduces damage and overall risk to an organization, as its proactive nature enables security professionals to respond to incidents rapidly. The combination of dynamic intelligence, analytics, and situational awareness tools, and perpetual data monitoring, brings about a reduction in false positives and wasted time throughout the Security Operations Center.

The course begins with the basics of threat hunting and data on threat hunting. Moving on, you will understand the adversary. Further, you will learn the mapping and working of an adversary with a data adversary. Next, you will work on creating research environments. After that, you will learn how to query the data. Next, you will explore hunting the adversary. Further, you will learn the importance of documenting and automating the process. As you move on, you will explore communicating and assessing data quality. Next, you will learn to understand the output and defining good metrics to track success in threat hunting. Then you will learn tools such as firewalls, antivirus, endpoint management, network packet capture, and security information and event management (SIEM). You will also need access to threat intelligence resources so you can look up IP addresses, malware hashes, indicators of compromise (IoCs), and more. Finally, you will learn to real-world use cases to identify attacker techniques

By the end of the course, you will have the skills and knowledge to hunt for threats with various techniques when responding to security incidents.