Generating Hypotheses for Successful Threat Hunting

by Robert M. Lee and David Bianco
Sept. 1, 2017 SANS Institute threat hunting

Threat hunting is a proactive and iterative approach to detecting threats. Although threat hunters should rely heavily on automation and machine assistance, the process itself cannot be fully automated. One of the human’s key contributions to a hunt is the formulation of a hypothesis to guide the hunt. This paper explores three types of hypotheses and outlines how and when to formulate each of them.