Practical Threat Intelligence and Data-Driven Threat Hunting, by Valentina Costa-Gazcón. Publisher: Packt Publishing.

The book itself focuses on bridging the gap between intelligence and action. Centralized Data: Setting up research environments using the

If you are looking to advance your skills in cyber threat intelligence and threat hunting, there are many robust open-source resources, training modules, and community-driven guides available to help you master these concepts.
Reviewers note the title "Practical" is well-earned, with step-by-step instructions for real-world scenarios.
Threat intelligence refers to the collection and analysis of data and information about potential and active cyber threats. The goal of threat intelligence is to provide organizations with actionable insights to prevent, detect, and respond to cyber threats. Threat intelligence can include information about threat actors, their tactics, techniques, and procedures (TTPs), and indicators of compromise (IOCs).
Once a hunt successfully identifies a gap, the logic is transferred to detection engineers. They write permanent, automated alerts to ensure the security operations center (SOC) catches future occurrences instantly.
Active Directory, Okta: anomalous API calls, unexpected MFA modifications, rapid resource creation.
A Windows system service that provides deep visibility into process creations, network connections, and changes to file creation time.
To practice threat intelligence and data-driven hunting, setting up a dedicated, isolated lab environment is critical. This enables the analysis of malware behavior and the safe generation of telemetry logs.

Open-Source Tooling Stack