Threat Hunting Resources

Introduction

Threat hunting as a profession and security strategy has gained tremendous popularity in recent years. Due to its proactive nature, threat hunting allows companies to actively track down potential breaches and invasions. However, acquiring an in-depth knowledge of threat hunting techniques and strategies through accurate resources is indispensable to becoming a true analyst and threat hunter. The following sections provide a deep dive into threat hunting resources, including books, guides, whitepapers, surveys, video lectures, forums, and discussion boards, many of which can be an invaluable form of learning for candidates.

What Are The Most Popular Books About Threat Hunting?

There is not an enormous library of books in the realm of threat hunting. However, some important books about this subject are described below:

HUNTPEDIA: Your Threat Hunting Knowledge Compendium

HUNTPEDIA is an excellent compendium published by Sqrrl—a software company that markets software programs for cybersecurity and Big Data analytics. A wonderful introduction entitled “The Origin of Hunting and Why It Matters” by Richard Beijtlich opens the book. The book is divided into two parts, seven chapters in part one, and six chapters in part two. A seasoned threat hunter and security analyst compiles each chapter. The material in this compendium includes the pyramid of pain, the diamond model, hunting with a large volume of logs, hunting for malicious DNSs, hunting anomalous behavior, using the Sqrrl tool for hunting, hunting for command and control, hunting critical processes, and leveraging machine learning.

The Hunter’s Handbook: Endgame’s Guide to Adversary Hunting

This book is written by Karen Scarfone, CISSP, ISSAP, with a foreword by Jamie Butler. The introduction of this book discusses reactive and proactive security approaches. It book reminds us that the reactive approach focuses on conventional methods of protection such as applying patches, installing firewalls and antivirus programs, and deploying (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/dhGofoOYEf0/