Threat Hunting - Salem73616C656D/reading-notes GitHub Wiki
Key Takeaways
Log analysis on its own doesn't cut it when it comes to network protection. For protection to be effective, there needs to be an active search for attackers who are already inside the network.
Vocabulary
Threat Hunting:
- forensic searches of all systems for indicators of compromise (IOCs), resulting in a compromise assessment.
- active network protection, as opposed to passive/reactive approaches such as a SIEM
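As an added example (not part of these notes), the sweep below shows the vocabulary entry in code: every host in an inventory is searched against an IOC set, whether or not any alert fired for it, and the matches are rolled up into a compromise assessment. The hosts, artefacts and IOC values are all constructed for illustration; `hunt_host`, `compromise_assessment` and the `HostArtifacts` fields are this example's own names, not those of any tool.

```python
"""Minimal threat-hunting sweep: search every host for IOCs, then summarise.

All hostnames, hashes, domains, addresses and process names below are
constructed for this example and are not real indicators.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed IOC set (hypothetical values). A real hunt would load these
# from threat intel, a prior incident, or a hypothesis the hunter is testing.
IOCS: dict[str, set[str]] = {
    "sha256": {"0123456789abcdef" * 4},              # constructed 64-hex hash
    "domain": {"update-check.example-bad.test"},     # constructed C2 domain
    "ipv4": {"203.0.113.45"},                        # TEST-NET-3, constructed
    "process_name": {"svch0st.exe"},                 # constructed typosquat
}


@dataclass
class HostArtifacts:
    """What a collector pulled from one system: hashes, DNS, sockets, processes."""
    hostname: str
    file_hashes: set[str] = field(default_factory=set)
    dns_queries: list[str] = field(default_factory=list)
    connections: list[str] = field(default_factory=list)  # "ip:port"
    processes: list[str] = field(default_factory=list)


@dataclass
class Finding:
    hostname: str
    ioc_type: str
    value: str
    source: str  # which artefact class produced the match


def hunt_host(host: HostArtifacts, iocs: dict[str, set[str]]) -> list[Finding]:
    """Search one host's artefacts against every IOC category."""
    findings: list[Finding] = []
    for h in sorted(host.file_hashes & iocs["sha256"]):
        findings.append(Finding(host.hostname, "sha256", h, "file_hashes"))
    for q in host.dns_queries:
        # Normalise: DNS logs often carry a trailing dot and mixed case.
        name = q.lower().rstrip(".")
        if name in iocs["domain"]:
            findings.append(Finding(host.hostname, "domain", name, "dns_queries"))
    for conn in host.connections:
        ip = conn.rsplit(":", 1)[0]
        if ip in iocs["ipv4"]:
            findings.append(Finding(host.hostname, "ipv4", ip, "connections"))
    for p in host.processes:
        if p.lower() in iocs["process_name"]:
            findings.append(Finding(host.hostname, "process_name", p, "processes"))
    return findings


def compromise_assessment(hosts: list[HostArtifacts],
                          iocs: dict[str, set[str]] = IOCS) -> dict:
    """Sweep all hosts (not just the ones that raised alerts) and summarise."""
    all_findings = [f for h in hosts for f in hunt_host(h, iocs)]
    hit = sorted({f.hostname for f in all_findings})
    return {
        "hosts_swept": len(hosts),
        "hosts_with_indicators": hit,
        "clean_hosts": sorted(h.hostname for h in hosts if h.hostname not in hit),
        "findings": all_findings,
    }


# Constructed inventory: one clean host, two carrying different indicators.
SAMPLE_HOSTS = [
    HostArtifacts("ws-01", {"ffff" * 16}, ["www.example.com"],
                  ["198.51.100.7:443"], ["explorer.exe"]),
    HostArtifacts("ws-02", {"0123456789abcdef" * 4, "eeee" * 16},
                  ["www.example.com"], ["198.51.100.7:443"],
                  ["explorer.exe", "svch0st.exe"]),
    HostArtifacts("ws-03", {"dddd" * 16},
                  ["Update-Check.example-bad.test."],
                  ["203.0.113.45:8443"], ["explorer.exe"]),
]

if __name__ == "__main__":
    report = compromise_assessment(SAMPLE_HOSTS)
    print(f"swept {report['hosts_swept']} hosts; "
          f"indicators on {report['hosts_with_indicators']}; "
          f"clean: {report['clean_hosts']}")
    for f in report["findings"]:
        print(f"  {f.hostname}: {f.ioc_type}={f.value} (from {f.source})")
```

The point of the sweep is that `ws-03` is reported even though nothing about it looks alarming to a passive alert rule: the hunt asked every host the same question instead of waiting for a SIEM correlation to fire.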