Types of threat hunts
Four distinct categories of threat hunt can be conducted. They are all derived from two factors: the amount of information known about the adversary (intelligence) and the amount of information known about the targeted network (network knowledge).
Definitions
Intelligence: The level of understanding about the adversary the organization is concerned about
Network knowledge: The level of detailed understanding of the target network
Four different categories of threat hunts are possible:
- Low intelligence/low network knowledge: The hunter is handed a set of data to review, which may turn out to be unrelated artifacts with no common thread, and must first establish a rough baseline of normal network activity before anything anomalous can be recognized. Do not conduct hunts this way, because the process is not repeatable. While it can be fun for an individual, whether the organization gets any benefit from the resources expended depends entirely on the personality and skill of the hunter.
- High intelligence/low network knowledge...