1 vote
Give the 5-step process of manual threat hunting.

a) Planning, Collection, Analysis, Response, Reporting
b) Detection, Analysis, Mitigation, Recovery, Documentation
c) Observation, Hypothesis, Validation, Response, Conclusion
d) Reconnaissance, Intrusion, Analysis, Remediation, Post-Mortem

by User Cactusroot (8.5k points)

1 Answer

4 votes

Final answer:

The 5-step process of manual threat hunting includes Observation, Hypothesis, Validation, Response, and Conclusion. It ensures a proactive approach to identify and mitigate potential security incidents in an organized manner.

Step-by-step explanation:

The correct 5-step process of manual threat hunting is: Observation, Hypothesis, Validation, Response, Conclusion. This methodology ensures a proactive and systematic approach to identifying potential security incidents before they can cause damage. Here's a brief overview of each step:

  1. Observation: Threat hunters begin with observing the environment, looking for anomalies or signs of malicious activity that deviate from the norm.
  2. Hypothesis: They generate hypotheses based on the initial observations or intelligence about potential threats or attacker tactics.
  3. Validation: They test these hypotheses by collecting and analyzing data from various sources within the IT infrastructure.
  4. Response: Depending on the findings, a response is formulated and executed to mitigate any identified threats.
  5. Conclusion: Finally, the threat hunters document their findings, reflect on the hunt's efficacy, and make recommendations for future improvements to the security posture.

Each step is critical to the threat hunting process, providing a meticulous and structured approach to enhancing an organization's cybersecurity.

by User UnholySheep (8.2k points)
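
An added example, not part of the answer above: the five steps walked through on a small set of constructed authentication events, with the hypothesis that a single source is trying many accounts in a short window. The event format, the thresholds and the function names `observe`, `validate` and `hunt` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (minute, source_ip, account, outcome)
EVENTS = [
    (1, "10.0.0.5", "alice", "ok"),
    (2, "10.0.0.6", "bob", "fail"),
    (3, "10.0.0.6", "bob", "ok"),
    (10, "203.0.113.7", "alice", "fail"),
    (10, "203.0.113.7", "bob", "fail"),
    (11, "203.0.113.7", "carol", "fail"),
    (11, "203.0.113.7", "dave", "fail"),
    (12, "203.0.113.7", "erin", "ok"),
    (30, "10.0.0.5", "alice", "ok"),
]

def observe(events):
    """Step 1, Observation: count distinct accounts each source failed against."""
    failed = defaultdict(set)
    for _, ip, account, outcome in events:
        if outcome == "fail":
            failed[ip].add(account)
    return {ip: len(accounts) for ip, accounts in failed.items()}

def validate(events, ip, min_accounts=3, window=5):
    """Step 3, Validation: does `ip` fail against at least `min_accounts`
    distinct accounts within `window` minutes? (assumed thresholds)"""
    fails = sorted((t, a) for t, src, a, o in events if src == ip and o == "fail")
    for i, (start, _) in enumerate(fails):
        accounts = {a for t, a in fails[i:] if t - start <= window}
        if len(accounts) >= min_accounts:
            return True
    return False

def hunt(events):
    observed = observe(events)                                   # 1. Observation
    # 2. Hypothesis: a source failing against several accounts is guessing passwords
    suspects = [ip for ip, n in observed.items() if n > 1]
    confirmed = [ip for ip in suspects if validate(events, ip)]  # 3. Validation
    # 4. Response: accounts that logged in successfully from a confirmed source
    exposed = sorted({a for _, ip, a, o in events if ip in confirmed and o == "ok"})
    response = {"block_sources": confirmed, "reset_accounts": exposed}
    # 5. Conclusion: the record kept for the hunt report
    return {"observed": observed, "hypotheses": suspects,
            "confirmed": confirmed, "response": response}

if __name__ == "__main__":
    print(hunt(EVENTS))
```

The single failed login from `10.0.0.6` shows up in the observation but never becomes a hypothesis, which is the kind of detail the Conclusion step records when tuning thresholds for the next hunt.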