Week 9 - BSIT380-T303 System Hardening and Network R - Process for threat hunting.

Threat hunting is a proactive cybersecurity process aimed at identifying and mitigating threats that evade traditional security measures. It involves a systematic approach with the following key steps:

1. Hypothesis Generation

  • Define potential threats based on intelligence sources, past incidents, or behavior analytics.
  • Use frameworks like MITRE ATT&CK to identify attack patterns.

2. Data Collection

  • Gather relevant security logs, network traffic, endpoint data, and SIEM (Security Information and Event Management) system outputs.
  • Utilize threat intelligence feeds for enriched context.

3. Data Analysis & Investigation

  • Perform behavioral analysis and anomaly detection to uncover hidden threats.
  • Use threat-hunting tools like EDR (Endpoint Detection and Response), IDS/IPS, and forensic analysis platforms.

4. Hypothesis Testing & Detection

  • Execute queries and hunt for Indicators of Compromise (IOCs) or Tactics, Techniques, and Procedures (TTPs).
  • Analyze correlations between events to validate the hypothesis.

5. Response & Remediation

  • If a threat is confirmed, initiate incident response (containment, eradication, and recovery).
  • Update security policies, signatures, and defense mechanisms to prevent future incidents.

6. Documentation & Improvement

  • Record findings, methods, and outcomes for future reference.
  • Refine hunting techniques based on lessons learned and feedback loops.

Comments

Post a Comment

Popular posts from this blog

Week 3 Posting - RAM Making Your Everyday Tasks Easier

          Random Access Memory is your computer’s short-term memory, unlike the long-term memory with a hard drive or SSD, RAM stores date temporality while your computer is running. When you open an application or a file, your computer loads it into RAM for quick access. This allows your computer to do tasks faster because accessing data from the RAM is much quicker than fetching it from storage. The more RAM you have the more applications and data your computer can handle without slowing down. RAM is good for multitasking, gaming, video editing, and resource-intensive tasks. In conclusion, RAM is kind of the unsung hero of your computer, enabling it to handle tasks swiftly and efficiently. Understanding its significance can help you make informed decisions about upgrading your system’s memory for a better computer experience.
Read more

Week 5 Post - Cleaning Your Windows 10 Machine

               It is very important to keep your Windows 10 machine; and we are not talking with Windex. You want to keep your PC clean, and I am going to tell you how to keep it clean and make sure you keep all of your important data. First off you want to start by backing up all of your important data; you can either use a external hard drive or one drive, I would suggest an external hard drive then you have a spare copy of your data incase your computer crashes. Next up go through the programs you are not using anymore, and fully install and delete those. Another good way of cleaning up your PC is clearing the temp files, or temporary files, these can be found by searching the C: drive. Up next you want to run any updates you need; this will boost your performance and make run things smoothly. Then you can put your data back on you computer and organize it to your liking. There are many ways to clean up your PC this is just a process I run...
Read more

Week 1 - BSIT220-T301 Network Mgmt & Infrastructure

                  This is my 2 nd blog I have done, and my 13 th blog post I have ever done, did one a week in my previous class here at Bellevue. I would say I have some knowledge about the Network+ and Network models from my previous college. At Southeast Tech we got to work on all sorts of network equipment and troubleshoot it as well. We worked on servers, routers, switches, access points, and more. We got to build networks on server racks and ping and use all sorts of commands, so I have a nice background with information, and I am excited to learn more about that as well as the Network+ certification and what it takes to get that.
Read more