all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How do you actually threat hunt?

Add to bookmarks
May 30, 2023, 9:30 a.m. | /u/EffortOk98

cybersecurity www.reddit.com

Many tutorials and videos show threat hunting can be done easily with Sysmon and window logging enabled. But what if the organisation does not have sysmon enabled? Or certain key event codes like event code 4688 command line captured. Or for powershell event codes?

Or what if the EDR and SIEM already have the rules that cover most of the hunts. How do you figure what to hunt? What's your first approach ? Or how do you come up with …

code command command line cybersecurity edr event hunt hunting key logging organisation powershell siem sysmon threat threat hunting tutorials videos

Visit resource

More from www.reddit.com / cybersecurity

LockBit leader unmasked and sanctioned 3 hours ago | www.reddit.com
cybersecurity leader lockbit unmasked
SOC L3 feels like customer service 3 hours ago | www.reddit.com
alert alerts analyst connections +15
Hey cybersecurity peeps, what have you automated? 5 hours ago | www.reddit.com
automate automated boys can +8
Hackers discover how to reprogram NES Tetris from within the game 5 hours ago | www.reddit.com
cybersecurity discover game hackers +1
How can I break into cybersecurity after my IT audit internship? 13 hours ago | www.reddit.com
audit can cybersecurity don +1
It's RSA week, so get ready for some of the dumbest cybersec shit to be … 16 hours ago | www.reddit.com
business ciso cybersec cybersecurity +6
China hacked Ministry of Defence, Sky News learns 18 hours ago | www.reddit.com
china cybersecurity defence hacked +2
New-ish tools that are all the rage? 20 hours ago | www.reddit.com
cybersecurity free google home +6
Ring agrees to pay $5.6 million after cameras were used to spy on customers | … 23 hours ago | www.reddit.com
cameras customers cybersecurity malwarebytes +3

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Product Regulatory Compliance Specialist

@ Avery Dennison | Oegstgeest, Netherlands
View on infosec-jobs.com

Cyber Security Analyst

@ FinClear | Melbourne, Australia
View on infosec-jobs.com

Senior Application Security Manager, United States-(Virtual)

@ Stanley Black & Decker | New Britain CT USA - 1000 Stanley Dr
View on infosec-jobs.com

Vice President - Information Security Management - FedRAMP

@ JPMorgan Chase & Co. | Chicago, IL, United States
View on infosec-jobs.com

Vice President, Threat Intelligence & AI

@ Arctic Wolf | Remote - Minnesota
View on infosec-jobs.com

Cybersecurity Analyst

@ Resource Management Concepts, Inc. | Dahlgren, Virginia, United States
View on infosec-jobs.com
View more jobs