Ad hoc threat hunting with Elastic Security

Jae Lee

Elastic

James Spiteri

Director, product management, security

Elastic

Operationalizing a threat hunting function is a tall order for many security teams. The idea of dedicating a program to pursuing what is by nature unpredictable can seem contradictory. But threat hunting, as daunting as it can seem, is integral to identifying constantly changing adversary behavior.

The first step is to establish a strong methodology for ad-hoc investigation. From there, the same skills, technology, and process can be easily extended to support a formal, scalable hunting practice.

In this webinar, you’ll learn to take that first step. We’ll cover key aspects of a strong ad-hoc methodology for investigation and hunting, which include:

• Data collection: Immediate access to any and all data that could be relevant
• Search and analysis: Uninterrupted context gathering and on-the-fly verification
• Hunting fundamentals: Maintaining a continuous, iterative, and stepwise workflow

Using Elastic Security, we will demonstrate the importance of these core pillars in the context of a phishing attack scenario (APT34), highlighting how to improve hunt effectiveness during various stages of the attack.

Additional Resources:

• Try Elastic Security for yourself with the free and open Elastic SIEM
• Learn more about threat hunting fundamentals with The Elastic Guide to Threat Hunting
• Start adding data to your Elastic Security deployment with this blog post
• Learn more in this blog about the detection rules public repository