Threat Hunting may be one of the more glamorized components of modern security operations today. Every week we read of how modern security controls are being evaded and bypassed. We know that a more proactive approach to detecting Evil is needed. Still, Threat Hunting is much more complicated than reviewing our SIEM enriched and neatly packaged alerts that our security controls have decided are worth our attention. It can often be challenging to know where to start, obtain a high ROI, and measure and communicate value or progress with Threat Hunting.

In this talk, we are going to explore how to do just that.

It is not expensive tools or highly situational graphical user interfaces that are needed. What we need is a repeatable, scalable, and measurable process that will give the effort vision and direction at the beginning and the ability to validate maturation as advance in the dicipline. While paid products can help, there are more than enough open-source resources to develop a Threat Hunting operation that can reliably detect some of the techniques used by the advanced adversaries of our day.