Threat hunting is a critical operation that raises the odds of catching threats that have slipped past existing preventive and detective controls. Many organizations already hunt or are planning to start, but how do they identify and establish the requirements for effective hunting?
Threat hunting needs three things to succeed: skills, tools, and data. The well-known SOC triad (network, endpoint, and logs) gives organizations a concrete way to plan for hunting and to deploy the tools and processes each leg requires. This session provides an overview of how each leg of the triad supports threat hunting and walks through example hunts that draw on all three.
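To make the triad concrete, the following added example (written for this page, not material from the session) runs one hunt hypothesis against each leg of the triad, endpoint process events, network flow records, and Windows authentication logs, and only surfaces hosts where at least two legs corroborate each other inside a time window. All telemetry is constructed inline, and the three hypotheses (Office app spawning a shell, large outbound transfer to an external address, local account creation) are assumptions chosen to illustrate the approach, not findings from any real environment.

```python
"""Triad-corroborated hunt: join endpoint, network, and log evidence per host.

Any one source alone produces noise; the hunt keeps only hosts where two or
more legs of the SOC triad agree within a short window. Sample data below is
constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed EDR process-creation events (timestamps are UTC, ISO-8601).
ENDPOINT_EVENTS = [
    {"ts": "2024-03-05T09:12:01", "host": "ws-014", "parent": "winword.exe", "image": "powershell.exe"},
    {"ts": "2024-03-05T09:13:20", "host": "ws-022", "parent": "explorer.exe", "image": "outlook.exe"},
    {"ts": "2024-03-05T09:40:07", "host": "srv-db1", "parent": "services.exe", "image": "sqlservr.exe"},
    {"ts": "2024-03-05T10:02:44", "host": "ws-031", "parent": "excel.exe", "image": "cmd.exe"},
]
# Constructed network flow records (fields modelled on a Zeek conn.log).
NETWORK_FLOWS = [
    {"ts": "2024-03-05T09:12:09", "host": "ws-014", "dst": "203.0.113.45", "dport": 443, "bytes_out": 184320},
    {"ts": "2024-03-05T09:15:00", "host": "ws-022", "dst": "198.51.100.7", "dport": 443, "bytes_out": 2048},
    {"ts": "2024-03-05T09:41:30", "host": "srv-db1", "dst": "10.0.0.5", "dport": 1433, "bytes_out": 900000},
    {"ts": "2024-03-05T10:03:10", "host": "ws-031", "dst": "198.51.100.7", "dport": 443, "bytes_out": 1200},
]
# Constructed Windows Security log entries (4720 = account created, 4624 = logon).
AUTH_LOGS = [
    {"ts": "2024-03-05T09:14:55", "host": "ws-014", "event_id": 4720, "user": "svc_backup2"},
    {"ts": "2024-03-05T09:30:00", "host": "ws-022", "event_id": 4624, "user": "alice"},
    {"ts": "2024-03-05T10:05:00", "host": "ws-031", "event_id": 4624, "user": "bob"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
INTERNAL_PREFIXES = ("10.", "192.168.", "172.16.")  # assumption: RFC1918 ranges in use


def parse_ts(s):
    return datetime.fromisoformat(s)


def endpoint_leads(events):
    """Endpoint hypothesis: an Office application spawning a shell is rare and suspicious."""
    return [(e["host"], parse_ts(e["ts"]), f"{e['parent']} -> {e['image']}")
            for e in events if e["parent"] in OFFICE_APPS and e["image"] in SHELLS]


def network_leads(flows, min_bytes=100_000):
    """Network hypothesis: a large outbound transfer to an external address may be staging or exfil."""
    return [(f["host"], parse_ts(f["ts"]), f"{f['bytes_out']}B to {f['dst']}:{f['dport']}")
            for f in flows
            if not f["dst"].startswith(INTERNAL_PREFIXES) and f["bytes_out"] >= min_bytes]


def log_leads(logs):
    """Log hypothesis: a local account created on a workstation is a persistence indicator."""
    return [(l["host"], parse_ts(l["ts"]), f"4720 created {l['user']}")
            for l in logs if l["event_id"] == 4720]


def corroborate(window=timedelta(minutes=15), min_sources=2):
    """Group leads by host and keep hosts where >= min_sources triad legs agree within `window`
    of the host's earliest lead. Returns {host: {"sources": [...], "evidence": [...]}}."""
    per_host = defaultdict(list)
    for source, leads in (("endpoint", endpoint_leads(ENDPOINT_EVENTS)),
                          ("network", network_leads(NETWORK_FLOWS)),
                          ("logs", log_leads(AUTH_LOGS))):
        for host, ts, detail in leads:
            per_host[host].append((ts, source, detail))

    findings = {}
    for host, leads in per_host.items():
        leads.sort()  # chronological; the earliest lead anchors the window
        anchor = leads[0][0]
        in_window = [lead for lead in leads if lead[0] - anchor <= window]
        sources = {source for _, source, _ in in_window}
        if len(sources) >= min_sources:
            findings[host] = {"sources": sorted(sources),
                              "evidence": [detail for _, _, detail in in_window]}
    return findings


if __name__ == "__main__":
    for host, finding in corroborate().items():
        print(host, finding["sources"], *finding["evidence"], sep="\n  ")
```

With the constructed data, ws-031 trips the endpoint hypothesis alone (Excel spawning cmd.exe) and is not surfaced at the default threshold, while ws-014 is corroborated by all three legs. Lowering `min_sources` to 1 turns the same code into a plain per-source hunt list, which is the usual first pass before an analyst asks the other two legs of the triad to confirm or refute each lead.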