June 16, 2023, 8:33 p.m. | /u/phen1306

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hello,

I work for a big company (10.000+ clients) and we have a good security setup
(Endpoint protection, IPS, Professional WAFs, active Bloodhound Scans to find weak Account(Paths), 10 headed IRT Team, Full Sysmon-Log Forwarding to SIEM)


The company always focused on "we need to build up defense", which was a good idea back in the day.

But in nearly every training we join, on every modern blog we see, in every article we read:

"you need Active Threat …
