Throughout this chapter, we have covered some of the basic concepts a threat hunter needs to understand to carry out hunts successfully and to interpret the information available. We covered some of the most prominent Windows-native tools available, as well as the way Windows records events to log files. Finally, we looked at a comprehensive (but not final) list of possible threat hunting data sources.
In the next chapter, we are going to learn about how to map intelligence reports using ATT&CK™ as part of the cyber threat intelligence process. In the chapters that follow this one, we are going to learn how to use these mappings to drive our hunts.