Ad hoc threat hunting with Elastic Security

Operationalizing a threat hunting function is a tall order for many security teams. The idea of dedicating a program to pursuing what is by nature unpredictable can seem contradictory. But threat hunting, as daunting as it can seem, is integral to identifying constantly changing adversary behavior.

The first step is to establish a strong methodology for ad-hoc investigation. From there, the same skills, technology, and process can be easily extended to support a formal, scalable hunting practice.

In this webinar, you’ll learn to take that first step. We’ll cover key aspects of a strong ad-hoc methodology for investigation and hunting, which include:

  • Data collection: Immediate access to any and all data that could be relevant
  • Search and analysis: Uninterrupted context gathering and on-the-fly verification
  • Hunting fundamentals: Maintaining a continuous, iterative, and stepwise workflow

Using Elastic Security, we will demonstrate the importance of these core pillars in the context of a phishing attack scenario (APT34), highlighting how to improve hunt effectiveness during various stages of the attack.

Additional Resources:

Jae Lee

Senior Director of Product Marketing, Security

Elastic

James Spiteri

Solutions Architect, Cyber Security Specialist Solutions Lead

Elastic

Register to watch

You'll also receive an email with related content