Part 3. Threat hunting using advanced analytics


As your threat-hunting knowledge and experience grow, so does your ability to harness advanced techniques. This part of the book introduces you to statistics and machine learning. You’ll move beyond basic techniques, applying core data science principles to identify sophisticated threats.

In chapter 6, you’ll learn the effective use of statistical tools like standard deviation to identify anomalies and reveal subtle signs of compromise in network traffic. This chapter will give you practical expertise to apply in real-world situations.

Chapter 7 extends these statistical principles by demonstrating how to fine-tune statistical calculations and adjust parameters to improve accuracy. Fine-tuning helps uncover sophisticated adversary techniques, making you a more effective threat hunter.
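To make the baseline-and-threshold idea behind chapters 6 and 7 concrete, here is a small added example (written for this overview, not code from the book): it scores new per-window byte counts for a host against a baseline window using the standard deviation, and shows how the threshold parameter changes what gets flagged. The byte counts and the threshold default are constructed assumptions, and a flat baseline (zero standard deviation) is handled rather than dividing by zero.

```python
"""Z-score anomaly scoring of a host's network volume against a baseline window."""
from statistics import mean, pstdev
from typing import Dict, Iterable

# Constructed sample data (not from the book): bytes sent by one host in each
# of the previous eight hourly windows, used as the baseline.
BASELINE_BYTES = [12_000, 15_000, 11_000, 14_000, 13_000, 16_000, 12_500, 14_500]

# Constructed new hourly observations to score against that baseline.
NEW_WINDOWS = {"09:00": 13_000, "10:00": 17_000, "11:00": 900_000}


def z_score(value: float, baseline: Iterable[float]) -> float:
    """Return how many baseline standard deviations `value` lies from the baseline mean.

    A flat baseline (sigma == 0) makes any deviation infinitely surprising, so a
    value that differs from the mean scores as inf instead of raising ZeroDivisionError.
    """
    data = list(baseline)
    mu = mean(data)
    sigma = pstdev(data)  # population std dev of the baseline window
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def flag_anomalies(observations: Dict[str, float], baseline: Iterable[float],
                   threshold: float = 3.0) -> Dict[str, float]:
    """Return {label: z} for observations whose |z| reaches `threshold`.

    `threshold` is the tunable parameter: lowering it surfaces subtler deviations
    (such as slow exfiltration) at the cost of more alerts on ordinary bursts.
    """
    scored = {label: z_score(value, baseline) for label, value in observations.items()}
    return {label: z for label, z in scored.items() if abs(z) >= threshold}


if __name__ == "__main__":
    for threshold in (3.0, 2.0):
        flagged = flag_anomalies(NEW_WINDOWS, BASELINE_BYTES, threshold)
        print(f"threshold={threshold}: {flagged}")
```

With the default threshold of 3 only the 900,000-byte window is flagged; dropping the threshold to 2 also catches the 17,000-byte window, which is the trade-off chapter 7 asks you to tune.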

Chapter 8 introduces unsupervised machine learning models with k-means clustering. You’ll learn to use unsupervised machine learning to group similar data points, such as in network traffic or system logs, and identify unusual behaviors that may indicate a compromise.

Chapter 9 focuses on supervised learning models, which use labeled data. We’ll explore simple yet powerful algorithms like Random Forest and XGBoost to classify threats based on historical data.