| Step | Action |
|------|--------|
| 1 | Receive TI report about new Lazarus Group TTPs – using DLL side-loading via trusted Microsoft executables. |
| 2 | Convert TTPs into hunt hypotheses: “Find instances where rundll32.exe spawned powershell.exe with network connection in last 30 days.” |
| 3 | Query your data lake (e.g., DeviceProcessEvents in Defender ATP or Splunk). |
| 4 | Investigate outliers – look for unsigned DLLs, rare parent-child relationships. |
| 5 | If malicious, write detection rule (Sigma/YARA) and feed back to TI loop. |
This closes the intelligence-to-hunting-to-detection loop.
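As an added example (not code from the book or from this page), steps 2 to 4 of the loop expressed as runnable logic: the hunt hypothesis and the step-4 outlier scoring evaluated over a handful of constructed process rows. The column names Timestamp, DeviceName, InitiatingProcessFileName and FileName follow DeviceProcessEvents; RemoteIP and UnsignedModule are assumed to have been joined in already from network and image-load events, and every value is made up.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed "now" so the 30-day look-back window is reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def days_ago(n):
    return NOW - timedelta(days=n)

# Constructed sample rows (all values made up). RemoteIP is None when the child
# made no network connection; UnsignedModule marks a parent that loaded an
# unsigned DLL, the side-loading indicator step 4 asks you to look for.
EVENTS = [
    {"Timestamp": days_ago(2),  "DeviceName": "ws01", "InitiatingProcessFileName": "rundll32.exe",
     "FileName": "powershell.exe", "RemoteIP": "203.0.113.7", "UnsignedModule": True},
    {"Timestamp": days_ago(9),  "DeviceName": "ws02", "InitiatingProcessFileName": "RUNDLL32.EXE",
     "FileName": "powershell.exe", "RemoteIP": None, "UnsignedModule": False},
    {"Timestamp": days_ago(45), "DeviceName": "ws03", "InitiatingProcessFileName": "rundll32.exe",
     "FileName": "powershell.exe", "RemoteIP": "198.51.100.4", "UnsignedModule": True},
    {"Timestamp": days_ago(1),  "DeviceName": "ws04", "InitiatingProcessFileName": "explorer.exe",
     "FileName": "powershell.exe", "RemoteIP": "192.0.2.10", "UnsignedModule": False},
    {"Timestamp": days_ago(5),  "DeviceName": "ws05", "InitiatingProcessFileName": "explorer.exe",
     "FileName": "powershell.exe", "RemoteIP": None, "UnsignedModule": False},
    {"Timestamp": days_ago(6),  "DeviceName": "ws06", "InitiatingProcessFileName": "explorer.exe",
     "FileName": "powershell.exe", "RemoteIP": None, "UnsignedModule": False},
]

def pair(e):
    """Normalised (parent, child) key; image names are case-insensitive on Windows."""
    return (e["InitiatingProcessFileName"].lower(), e["FileName"].lower())

def in_window(events, now=NOW, days=30):
    cutoff = now - timedelta(days=days)
    return [e for e in events if e["Timestamp"] >= cutoff]

def hunt(events, now=NOW, days=30):
    """Step 2 hypothesis: rundll32.exe spawned powershell.exe, and that child
    made a network connection, inside the look-back window."""
    return [e for e in in_window(events, now, days)
            if pair(e) == ("rundll32.exe", "powershell.exe") and e["RemoteIP"] is not None]

def triage(events, now=NOW, days=30, rare_hosts=2):
    """Step 4 scoring: +1 for an unsigned module under the parent, +1 when the
    parent/child pair is seen on at most `rare_hosts` hosts in the window.
    Prevalence is measured over all events, so explorer->powershell on three
    hosts reads as normal while rundll32->powershell on two reads as rare."""
    hosts = {}
    for e in in_window(events, now, days):
        hosts.setdefault(pair(e), set()).add(e["DeviceName"])
    scored = [(e["DeviceName"], int(e["UnsignedModule"]) + int(len(hosts[pair(e)]) <= rare_hosts))
              for e in hunt(events, now, days)]
    return sorted(scored, key=lambda x: -x[1])
```

A hit that scores 2 here is what step 5 would turn into a Sigma rule (parent image rundll32.exe, child powershell.exe) once the investigation confirms it is malicious.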
Author: Valentina Costa-Gazcon
Publisher: Packt Publishing
Target Audience: SOC Analysts, Threat Hunters, Incident Responders, Security Engineers
In the crowded space of cybersecurity literature, many titles suffer from being either too theoretical (discussing "cyber warfare" in abstract terms) or too tool-specific (functioning as a user manual for a specific vendor). Practical Threat Intelligence and Data-Driven Threat Hunting successfully bridges this gap. It is a hands-on guide that treats threat hunting not as an arcane art practiced by elites, but as a structured, scientific process rooted in data analysis.
For those searching for the PDF to understand the methodologies behind modern detection engineering, this book is a high-value resource that justifies its place on any security professional's digital shelf.