Threat Intelligence

Threat Hunting

Threat hunting is the proactive, human-led search for threats that automated security tools have not detected. Hunters form hypotheses about attacker behavior, then query security telemetry (logs, EDR data, network flows) to confirm or refute them using TTPs from frameworks like MITRE ATT&CK.

Frequently Asked Questions

What is Threat Hunting?

Threat hunting is the proactive, human-led search for threats that automated security tools have not detected. Hunters form hypotheses about attacker behavior, then query security telemetry (logs, EDR data, network flows) to confirm or refute them using TTPs from frameworks like MITRE ATT&CK.

How is Threat Hunting related to TTP (Tactics, Techniques, and Procedures)?

Threat hunting and TTPs (Tactics, Techniques, and Procedures) are both key concepts in threat intelligence, and hunting depends on them. TTPs describe the behavior of threat actors: the high-level goals they pursue (tactics), the specific methods they use to achieve those goals (techniques), and the detailed, repeatable actions that implement those methods (procedures). The MITRE ATT&CK framework catalogues TTPs used by real adversaries, and hunters draw on those catalogued behaviors to form the hypotheses they test against their telemetry.
