README.md

File metadata and controls

35 lines (26 loc) · 1.53 KB

OTHF

Open Threat Hunting Framework

Establishing or maturing an effective threat hunting program is a challenging task compared to approaching threat hunting from an unofficial perspective, where existing security resources execute ad-hoc hunts in their spare time. However, a well-designed and dedicated threat hunting program can be a major driver in changing the security culture of an entire organization.

The purpose of this document is to provide a foundational understanding of threat hunting and to introduce the Open Threat Hunting Framework (OTHF), a set of practical guidelines for developing and maturing an effective threat hunting program.

The goal of the OTHF is to provide organizations with a framework that offers guidance on implementing the core organizational, operational, and technical components needed to launch and mature a threat hunting operation. The OTHF is completely vendor and tool agnostic. It is not meant to be an exhaustive resource on threat hunting techniques or analysis; instead, it is designed to present organizations with the often overlooked pieces of threat hunting that have a massive impact on the success of the program.

While the overall OTHF is designed for organizations attempting to launch and mature a dedicated threat hunting program staffed with dedicated resources, the OTHF is modular by design. Organizations that are unable to staff a dedicated team can still leverage the operational components to begin or improve threat hunting within their organization.

Contributors

TactiKoolSec

Grifter

Sameer Korrane