Reading 33 - Foodisthebest/401-Reading-Notes GitHub Wiki

Readings: Threat Hunting with Security Onion

Below you will find reading materials and additional resources that support today’s topic and the upcoming lecture.

Review the Submission Instructions for guidance on completing and submitting this assignment.

Reading/Video

What Is Threat Hunting and Why Is It so Important? – Video Blog

How are Threat Hunting and Pentesting different? *

What is the primary objective of Threat Hunting?

Your organization has a fully functioning SOC but not active Threat Hunting. How would you advocate for your security organization to start Threat Hunting activities?

Bookmark and Review

Active Countermeasures

  • Active Countermeasures (AC), the creator of the RITA tool, is an excellent resource for threat hunting tools and topics.

Sqrrl Archive

  • “From about 2015 until they were purchased by Amazon Web Services (AWS) in early 2018, Sqrrl was a threat hunting platform vendor with an unusually strong focus on teaching the cybersecurity community about threat hunting best practices. They published some of what are still foundational documents about threat hunting.”