Demystifying The Hunt How to Assess Your Threat Hunting Readiness and Prepare for the Next Step
Many organizations want to threat hunt, but don't know where to begin, how to measure success, or how to scale an effective program. The bar to successful hunting can appear intimidatingly high, reachable by only the most sophisticated, well-staffed SOCs, but the reality is that one individual, with the right data and some directional guidance, can begin their hunting journey today and start making immediate security contributions to their organization.
Join seasoned security instructors on this webcast who will walk you through the threat hunting maturity model and help you prepare for each step of the journey with specific guidance, concrete examples, best practices, and sample threat hunts. Since virtually all attacks must cross the network and traffic provides an inalterable record of activity, this webcast will focus primarily on network-based threat hunting using the open-source Zeek network security monitor.
Watch this webcast to learn how to assemble the systems, data, people and processes you'll need to threat hunt, and also see practical threat hunting exercises demoed by the instructors that you can instrument in your own environment to look for adversary behavior such as DNS tunneling, C2 communications and more.
Corelight makes powerful network security monitoring (NSM) solutions that transform network traffic into rich logs, extracted files, and security insights, helping security teams achieve more effective incident response, threat hunting, and forensics. Corelight Sensors run on Zeek (formerly called “Bro”), the open-source NSM tool used by thousands of organizations worldwide. Corelight’s family of network sensors dramatically simplifies the deployment and management of Zeek and expands its performance and capabilities. Corelight is based in San Francisco, California and its global customers include Fortune 500 companies, large government agencies, and major research universities.