We may earn an affiliate commission when you visit our partners.
Threat Hunting
Review, Automate, and Improve
Brandon DeVault
Brandon DeVault
What are the follow-on tasks after completing a threat hunt? This course will teach you how to generate tangible outcomes and improve your threat hunting process.
Read more
What are the follow-on tasks after completing a threat hunt? This course will teach you how to generate tangible outcomes and improve your threat hunting process.
Read more
What are the follow-on tasks after completing a threat hunt? This course will teach you how to generate tangible outcomes and improve your threat hunting process.
Completion of a threat hunt involves not only the hunting, but ensuring tangible outputs to improve your organization's security. In this course, Threat Hunting: Review, Automate, and Improve, you'll learn to complete the threat hunting cycle with continuous automation and improvement. First, you'll explore the reporting process and how to measure success. Next, you'll discover how to build custom detection and automation mechanisms. Finally, you'll learn how to employ adversary emulation to improve detections. When you're finished with the course, you'll have the skills and knowledge of threat hunting needed to improve the maturity of your organization's threat hunting program.
Register for this course and see more details by visiting:
OpenCourser.com/course/bj5qh8/threat
What's inside
Syllabus
Course Overview
Continuous Improvement and Reporting
Custom Detection and Automation
Emulation and Detection
Read more
Syllabus
Course Overview
Continuous Improvement and Reporting
Custom Detection and Automation
Emulation and Detection
Read more
Good to know
Good to know
Know what's good ,
what to watch for , and
possible dealbreakers
Brings together threat hunting concepts, enabling students to have a foundational base in threat hunting and detection
Allows students to learn from Brandon DeVault, who is well known as a security researcher and creator of the MITRE ATT&CK Framework
Provides students with multiple options for improving the outcome of a threat hunt through threat detection, automation, and emulation
Content is delivered across video lectures, readings, and discussions, which can accommodate different learning styles and preferences
Completion of this course qualifies students to receive a certificate, which can be beneficial for career enhancement
This course may be a good choice for individuals who have some prior experience with threat detection and want to improve their skills.
Save this course
Save Threat Hunting: Review, Automate, and Improve to your list so you can find it easily later:
Save
Save
Activities
Be better prepared
before
your course. Deepen your understanding
during
and
after
it. Supplement your coursework and achieve mastery of the topics covered
in Threat Hunting: Review, Automate, and Improve with these
activities:
Practice reporting basics
Show steps
Review the basics of reporting to solidify foundational knowledge that is essential for effective threat hunting.
Browse courses on
Incident Reporting
Show steps
-
Review types of reporting documents
-
Examine report structure and layout
-
Practice reporting on mock threats
Identify a mentor in the threat hunting field
Show steps
Offers guidance and insights from experienced practitioners.
Browse courses on
Threat Hunting
Show steps
-
Network with professionals in the threat hunting field
-
Identify potential mentors who align with your interests
-
Reach out and request mentorship
Participate in a threat hunting discussion forum
Show steps
Facilitates knowledge sharing and exposure to diverse perspectives in threat hunting.
Browse courses on
Threat Hunting
Show steps
-
Join a threat hunting discussion forum
-
Read and engage in discussions
-
Share knowledge and experiences
Seven other activities
Expand to see all activities and additional details
Show all ten activities
Attend a threat hunting workshop
Show steps
Provides hands-on experience and in-depth knowledge in threat hunting.
Browse courses on
Threat Hunting
Show steps
-
Research and identify relevant threat hunting workshops
-
Register and attend the workshop
-
Participate actively in discussions and exercises
Detection automation exercises
Show steps
Develop proficiency in designing and implementing automated detection mechanisms to strengthen threat hunting capabilities.
Browse courses on
Threat Detection
Show steps
-
Explore automation tools and techniques
-
Build custom detection rules
-
Test and refine detection mechanisms
-
Integrate detection mechanisms with threat hunting tools
Write a report on threat hunting findings
Show steps
Provides experience in documenting and communicating threat hunting results.
Browse courses on
Threat Hunting
Show steps
-
Review threat hunting findings
-
Organize and structure the report
-
Write a clear and concise report
Analyze threat hunting data in Splunk
Show steps
Develops proficiency in using Splunk for threat hunting.
Browse courses on
Splunk
Show steps
-
Load threat hunting data into Splunk
-
Create and run searches to identify potential threats
-
Analyze search results and determine false positives
Emulation techniques tutorial
Show steps
Enhance threat detection capabilities by exploring advanced emulation techniques and their application in threat hunting scenarios.
Browse courses on
Adversary Emulation
Show steps
-
Review principles of adversary emulation
-
Understand emulation tools and frameworks
-
Practice employing emulation techniques
Build a threat hunting tool using Python
Show steps
Builds practical skills in threat hunting and Python programming.
Browse courses on
Python
Show steps
-
Research threat hunting Python libraries
-
Design and develop a threat hunting script
-
Test and evaluate the script
Contribute to an open-source threat hunting tool
Show steps
Provides practical experience in threat hunting and open-source development.
Browse courses on
Threat Hunting
Show steps
-
Identify an open-source threat hunting tool
-
Review the tool's codebase and documentation
-
Make and submit a code contribution
Practice reporting basics
Show steps
Review the basics of reporting to solidify foundational knowledge that is essential for effective threat hunting.
Browse courses on
Incident Reporting
Show steps
Show steps
Show steps
- Review types of reporting documents
- Examine report structure and layout
- Practice reporting on mock threats
Identify a mentor in the threat hunting field
Show steps
Offers guidance and insights from experienced practitioners.
Browse courses on
Threat Hunting
Show steps
Show steps
Show steps
- Network with professionals in the threat hunting field
- Identify potential mentors who align with your interests
- Reach out and request mentorship
Participate in a threat hunting discussion forum
Show steps
Facilitates knowledge sharing and exposure to diverse perspectives in threat hunting.
Browse courses on
Threat Hunting
Show steps
Show steps
Show steps
- Join a threat hunting discussion forum
- Read and engage in discussions
- Share knowledge and experiences
Seven other activities
Expand to see all activities and additional details
Show all ten activities
Attend a threat hunting workshop
Show steps
Provides hands-on experience and in-depth knowledge in threat hunting.
Browse courses on
Threat Hunting
Show steps
Show steps
Show steps
- Research and identify relevant threat hunting workshops
- Register and attend the workshop
- Participate actively in discussions and exercises
Detection automation exercises
Show steps
Develop proficiency in designing and implementing automated detection mechanisms to strengthen threat hunting capabilities.
Browse courses on
Threat Detection
Show steps
Show steps
Show steps
- Explore automation tools and techniques
- Build custom detection rules
- Test and refine detection mechanisms
- Integrate detection mechanisms with threat hunting tools
Write a report on threat hunting findings
Show steps
Provides experience in documenting and communicating threat hunting results.
Browse courses on
Threat Hunting
Show steps
Show steps
Show steps
- Review threat hunting findings
- Organize and structure the report
- Write a clear and concise report
Analyze threat hunting data in Splunk
Show steps
Develops proficiency in using Splunk for threat hunting.
Browse courses on
Splunk
Show steps
Show steps
Show steps
- Load threat hunting data into Splunk
- Create and run searches to identify potential threats
- Analyze search results and determine false positives
Emulation techniques tutorial
Show steps
Enhance threat detection capabilities by exploring advanced emulation techniques and their application in threat hunting scenarios.
Browse courses on
Adversary Emulation
Show steps
Show steps
Show steps
- Review principles of adversary emulation
- Understand emulation tools and frameworks
- Practice employing emulation techniques
Build a threat hunting tool using Python
Show steps
Builds practical skills in threat hunting and Python programming.
Browse courses on
Python
Show steps
Show steps
Show steps
- Research threat hunting Python libraries
- Design and develop a threat hunting script
- Test and evaluate the script
Contribute to an open-source threat hunting tool
Show steps
Provides practical experience in threat hunting and open-source development.
Browse courses on
Threat Hunting
Show steps
Show steps
Show steps
- Identify an open-source threat hunting tool
- Review the tool's codebase and documentation
- Make and submit a code contribution
Career center
Learners who complete Threat Hunting: Review, Automate, and Improve will develop knowledge and skills
that may be useful to these careers:
Information Security Analyst
Information Security Analyst
An Information Security Analyst is responsible for protecting an organization's information assets from unauthorized access, use, disclosure, disruption, modification, or destruction. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course can help an Information Security Analyst to develop the skills needed to improve the security of an organization.
Cybersecurity Analyst
Cybersecurity Analyst
A Cybersecurity Analyst is responsible for protecting an organization's computer systems and networks from cyberattacks. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course can help a Cybersecurity Analyst to develop the skills needed to improve the security of an organization.
Cloud Security Analyst
Cloud Security Analyst
A Cloud Security Analyst is responsible for protecting an organization's cloud-based assets from unauthorized access, use, disclosure, disruption, modification, or destruction. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course can help a Cloud Security Analyst to develop the skills needed to improve the security of an organization.
Computer Forensics Analyst
Computer Forensics Analyst
A Computer Forensics Analyst is responsible for collecting, analyzing, and interpreting digital evidence from computers and other devices. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course can help a Computer Forensics Analyst to develop the skills needed to improve the security of an organization.
Network Security Analyst
Network Security Analyst
A Network Security Analyst is responsible for protecting an organization's network from unauthorized access, use, disclosure, disruption, modification, or destruction. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course can help a Network Security Analyst to develop the skills needed to improve the security of an organization.
Security Engineer
Security Engineer
A Security Engineer designs, implements, and maintains security systems to protect an organization's data and networks. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course can help a Security Engineer to develop the skills needed to improve the security of an organization.
Security Analyst
Security Analyst
A Security Analyst is responsible for monitoring and analyzing security systems to identify and mitigate threats. They also work to ensure that an organization's security systems are up-to-date and effective. The Threat Hunting: Review, Automate, and Improve course can help a Security Analyst to develop the skills needed to improve the security of an organization.
Data Scientist
Data Scientist
A Data Scientist is responsible for collecting, analyzing, and interpreting data to identify trends and patterns. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course can help a Data Scientist to develop the skills needed to improve the security of an organization.
Threat Intelligence Analyst
Threat Intelligence Analyst
A Threat Intelligence Analyst gathers and analyzes data to assess and understand the threats to an organization. This role involves identifying and tracking potential threats, as well as creating reports and providing guidance on how to mitigate these threats. The Threat Hunting: Review, Automate, and Improve course can help a Threat Intelligence Analyst to develop the skills needed to assess and understand threats.
Information Technology Auditor
Information Technology Auditor
An Information Technology Auditor is responsible for auditing an organization's information systems and processes to ensure that they are secure and compliant with regulations. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course may be useful for an Information Technology Auditor to develop the skills needed to improve the security of an organization.
Systems Administrator
Systems Administrator
A Systems Administrator is responsible for managing and maintaining an organization's computer systems and networks. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course may be useful for a Systems Administrator to develop the skills needed to improve the security of an organization.
Database Administrator
Database Administrator
A Database Administrator is responsible for managing and maintaining an organization's databases. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course may be useful for a Database Administrator to develop the skills needed to improve the security of an organization.
Network Administrator
Network Administrator
A Network Administrator is responsible for managing and maintaining an organization's networks. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course may be useful for a Network Administrator to develop the skills needed to improve the security of an organization.
Software Engineer
Software Engineer
A Software Engineer is responsible for designing, developing, and maintaining software applications. They work to identify and mitigate threats, and to improve the overall security of an organization. The Threat Hunting: Review, Automate, and Improve course may be useful for a Software Engineer to develop the skills needed to improve the security of software applications.
Incident Responder
Incident Responder
An Incident Responder leads the determination of the scope and impact of security breaches, as well as formulating a plan for reporting these events. They are responsible for determining the weakest areas in a network, as well as for establishing measures to prevent breaches in these areas. The Threat Hunting: Review, Automate, and Improve course may be useful, as it can help an Incident Responder to understand how to effectively improve the security of a network.
For more career information including salaries, visit:
OpenCourser.com/course/bj5qh8/threat
Reading list
We've selected five books
that we think will supplement your
learning. Use these to
develop background knowledge, enrich your coursework, and gain a
deeper understanding of the topics covered in
Threat Hunting: Review, Automate, and Improve.
This practical guide offers hands-on techniques and tools for threat hunting in real-world environments, focusing on threat detection and incident response
Save
This classic work provides a captivating account of a real-world cyber espionage investigation, offering insights into threat hunting techniques and methodologies
Provides a deep understanding of network security monitoring, which critical aspect of threat hunting
Save
Provides a fascinating look at the human element of security. It provides insights into how attackers can exploit human weaknesses to gain access to systems and data. It valuable resource for anyone looking to improve their security awareness.
Provides a comprehensive overview of network security assessment. It covers topics such as vulnerability assessment, penetration testing, and security audits. It valuable resource for anyone looking to improve their network security skills.
For more information about how these books relate to this course, visit:
OpenCourser.com/course/bj5qh8/threat
Share
Similar courses
Here are nine courses similar to
Threat Hunting: Review, Automate, and Improve.
Threat Hunt with IBM Security QRadar
OpenCourser.com/course/yjuhop/threat
Threat Hunt with IBM Security QRadar
Most relevant
Threat Hunting: Hypothesize and Plan
OpenCourser.com/course/f8z7er/threat
Threat Hunting: Hypothesize and Plan
Most relevant
Specialized Hunts: Threat Hunting within Active Directory
OpenCourser.com/course/h1rli7/specialized
Specialized Hunts: Threat Hunting within Active Directory
Most relevant
Threat Hunt with PowerShell
OpenCourser.com/course/54aehn/threat
Threat Hunt with PowerShell
Most relevant
Specialized Hunts: Threat Hunting within Virtual Machines
OpenCourser.com/course/0baze3/specialized
Specialized Hunts: Threat Hunting within Virtual Machines
Most relevant
Threat Hunting: Endpoint Hunting
OpenCourser.com/course/t88v82/threat
Threat Hunting: Endpoint Hunting
Most relevant
Threat Hunting: Network Hunting
OpenCourser.com/course/mc3hqw/threat
Threat Hunting: Network Hunting
Most relevant
Specialized Hunts: Threat Hunting within Mail Servers
OpenCourser.com/course/999ai3/specialized
Specialized Hunts: Threat Hunting within Mail Servers
Most relevant
Advanced Threat Hunting and Incident Response
OpenCourser.com/course/lyg7qj/advanced
Advanced Threat Hunting and Incident Response
Most relevant
Time
96 hours
Level
Intermediate
Via
Pluralsight
Instructor
Brandon DeVault
Language
English
Good to know
Brings together threat hunting concepts, enabling students to have a foundational base in threat hunting and detection
Allows students to learn from Brandon DeVault, who is well known as a security researcher and creator of the MITRE ATT&CK Framework
Provides students with multiple options for improving the outcome of a threat hunt through threat detection, automation, and emulation
Content is delivered across video lectures, readings, and discussions, which can accommodate different learning styles and preferences
Completion of this course qualifies students to receive a certificate, which can be beneficial for career enhancement
This course may be a good choice for individuals who have some prior experience with threat detection and want to improve their skills.
Our mission
OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.
Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.
Find this site helpful? Tell a friend about us.
Affiliate disclosure
We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.
Your purchases help us maintain our catalog and keep our servers humming without ads.
Thank you for supporting OpenCourser.
© 2016 - 2024 OpenCourser