What are Threat Hunting Missions?

A Threat Hunt Mission is a semantic and operational unit of work that structures threat hunting efforts around a topic, theme, threat actor, etc.

  • Missions represent units of time, which are usually measured in sprints within an Agile framework.
  • Hunt Missions are iterative in nature: they can be improved upon and executed as many times as needed.
  • Hunt Missions are ideally collective efforts, in which at least two hunters participate in the design, development and execution.
  • Hunt Missions have a clearly designated “Mission Lead” whose role is to orient and drive the mission objectives. The Mission Lead is accountable for the mission end to end.
  • Hunt Missions are virtual structures that can incorporate resources from other teams that don’t normally focus exclusively on hunting: SOC analysts, DFIR specialists, purple or red teamers, etc.
  • Last but not least, hunt missions make up an iterative approach towards innovation: the research performed during a mission’s development can quickly become a new service line or product offering.