Cyber Security Academy · Lesson

Operationalizing Intel: Threat Hunting

Use threat intelligence to formulate hypotheses and hunt for attacker activity in your environment.

What is Threat Hunting?

Threat hunting is a proactive search for threats that have evaded automated detection. Hunters start with a hypothesis grounded in threat intelligence, then dig through logs to confirm or refute it, surfacing intrusions that alerting missed.

The Hunting Hypothesis

A good hypothesis is specific, testable, and grounded in threat intelligence. Start with ATT&CK techniques used by threat actors targeting your sector, or with recent threat intel reports about active campaigns.

# Hypothesis examples:
# "APT28 uses T1547.001 (Registry Run Keys)
#  for persistence — are there unusual Run keys
#  created in the last 30 days?"

# "Ransomware groups enumerate shares before
#  exfiltration — are there spikes in SMB
#  enumeration from internal hosts?"

# Turn each into a SIEM query
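The first hypothesis above, carried through as hunting logic over sample log data. This is an added example, not part of the lesson: the event records are constructed (a simplified Sysmon Event ID 13 shape), and the baseline of known-good value names and the triage hints are assumptions you would replace with your own environment's data.

```python
from datetime import datetime, timedelta

# Registry key paths covered by T1547.001 (matched case-insensitively).
RUN_KEY_PATHS = (r"\microsoft\windows\currentversion\run",
                 r"\microsoft\windows\currentversion\runonce")
# Assumed baseline: Run-key value names this environment legitimately sets.
KNOWN_GOOD_VALUES = {"SecurityHealth", "OneDrive"}
# Data patterns that make a new Run key worth prioritising in triage.
SUSPICIOUS_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                    "wscript", "powershell", "mshta", "rundll32")

# Constructed sample registry value-set events (Sysmon Event ID 13 style,
# simplified to timestamp, host, target object and the data written).
SAMPLE_EVENTS = [
    {"ts": "2024-05-10T09:12:00", "host": "WS-0142",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "data": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"ts": "2024-05-20T18:41:07", "host": "WS-0142",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\jdoe\AppData\Roaming\Updater\updater.exe"},
    {"ts": "2024-02-10T08:00:00", "host": "WS-0077",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OldTool",
     "data": r"C:\Program Files\OldTool\oldtool.exe"},
    {"ts": "2024-05-25T12:00:00", "host": "WS-0077",
     "target": r"HKU\S-1-5-21-2\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "data": "1"},
    {"ts": "2024-05-28T23:59:10", "host": "WS-0301",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\svchost",
     "data": r"wscript.exe C:\Users\Public\s.vbs"},
]

def hunt_run_keys(events, now_iso, window_days=30, known_good=KNOWN_GOOD_VALUES):
    """Return Run-key values written inside the window that are not baselined."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=window_days)
    findings = []
    for ev in events:
        target = ev["target"].lower()
        if datetime.fromisoformat(ev["ts"]) < cutoff:
            continue                      # outside the hypothesis window
        if not any(p in target for p in RUN_KEY_PATHS):
            continue                      # not a Run/RunOnce key
        value_name = ev["target"].rsplit("\\", 1)[-1]
        if value_name in known_good:
            continue                      # expected in this environment
        hints = [h.strip("\\") for h in SUSPICIOUS_HINTS if h in ev["data"].lower()]
        findings.append({"host": ev["host"], "ts": ev["ts"], "value": value_name,
                         "data": ev["data"], "hints": hints})
    return findings
```

Each finding is a lead to triage, not a verdict: the hints only order the work, and anything that turns out to be legitimate goes into the baseline so the next hunt is quieter.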
