Threat Hunt Data Semantics

An often overlooked aspect of threat hunting frameworks is their approach to data semiotics and semantics, i.e. the structures that produce sense-making and meaning extraction from data. Threat hunting is, in the end, the child of data science and cyber security.

Data semantics is the ability to interpret data in order to gain a deeper understanding of the underlying relationships and patterns that provide higher levels of insight into a data set. This is a core concept of the AIMOD2 framework, since it helps uncover the deeper levels of connectedness behind the data.

There is, however, one more reason for any threat hunt framework to make its data semantics explicit: to describe the differentiating factors that bring about diverse hunt types.