Part 2. Threat-hunting expeditions


Now that you have a good grasp of the fundamentals of cyber threat hunting, it’s time to roll up your sleeves and conduct your set of expeditions. In part 2, you’ll transform theoretical knowledge into practice, planning and executing real-world threat-hunting expeditions.

Chapter 3 guides you through your first threat-hunting expedition. You’ll learn to create a focused threat-hunting play, from defining your hunting hypothesis and choosing the targets to applying a structured hunting methodology.

Chapter 4 dives into integrating threat intelligence into hunting expeditions. You’ll learn how to use threat-intelligence information to enhance your hunts by understanding the behaviors of known threat actors, identifying their tactics, techniques, and procedures, and correlating them with activities and traces in your environment.

In chapter 5, the focus shifts to hunting in the cloud, a complex environment that presents unique challenges for threat hunting. Now that many services are hosted in the cloud, understanding how to hunt in these environments is more critical than ever. This chapter covers cloud-native telemetry, threat vectors specific to cloud services and Kubernetes, and best practices for hunting in cloud ecosystems.

By the end of this part, you’ll have conducted a few threat-hunting expeditions on-premises and in the cloud.