Threat hunting can be described as the process of actively looking for bad actors on the network. It focuses on pattern matching over network communication, checking an actor's distinctive traits against static patterns.
With new technology constantly emerging, the biggest obstacle in threat hunting is the verification of a common language with a set of processes.
The process of proactive cyber threat hunting typically involves three steps: a trigger, an investigation, and a resolution.
Threat Hunting Process
First Step: Trigger
Threat hunters single out a specific system or area of the network, verified with advanced detection tools, for further investigation. This step verifies and identifies any unusual actions.
Second Step: Investigation
In the Investigation step, threat hunters use technology to look deep into any potentially malicious code that could damage the system. This process continues until the system has been deemed safe for other people to use.
Third Step: Recommendation
The Recommendation step includes communication between the teams about any malicious activity that might be residing in the system.
Threat Intelligence differs a little from Threat Hunting: Threat Intelligence gathers a set of data on existing threat actors that have spread in the wild. Normally, all the information gathered is delivered to upper management in the organization via a threat intelligence feed.
The Threat Intelligence team can report on the activities of particular threat actors and clarify their tools and processes. The main objective of Threat Intelligence is to contextualize and analyze the information so that it can be used in the decision-making process later on.