Threat Hunting is the current "Hot Sexy" topic in defensive infosec. It is good, and if your org is mature enough (you already have the logging, the visibility and the people to act on what a hunt finds), it can be really valuable.
However, *please* remember to turn hunts into monitoring. If you are re-running the same hunts by hand, you are doing it wrong.
As a rule of thumb: form a hypothesis, then hunt/test for it. If it works (i.e. you can get meaningful, repeatable data out of it, not just "we found evil this once"), convert it into your continuous monitoring.

If you miss this step, you are missing 75% of the point of a threat hunt.
A good example (not my idea!) is a hunt to find whether anything has changed the Windows Firewall settings from their defaults. Once that hunt has produced a known-good baseline, you can build a daily sweep that checks the current settings against it and alerts if anything has been modified since the previous scan.
If you turn your hunts into monitoring, your security posture will improve by orders of magnitude.
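As an added example (not part of the original thread), here is what that hunt-to-monitoring conversion looks like in PowerShell: the first run is the hunt (it flags profiles that have drifted from the shipped defaults and writes a snapshot of profiles and rules as the baseline); every later run, scheduled daily via Task Scheduler, is the monitoring (it diffs the live configuration against the baseline and raises an Application-log event for a SIEM to pick up). The baseline path and the `FwBaseline` event source are assumptions; the defaults checked (profiles enabled, inbound Block, outbound Allow, with `NotConfigured` meaning the built-in default applies) are Windows' own.

```powershell
# Added example, not the thread author's code. Hunt for non-default Windows
# Firewall settings, save the result as a baseline, then re-check daily.
# Run elevated. Paths and the event source name are assumptions.
[CmdletBinding()]
param(
    [string]$BaselinePath = 'C:\ProgramData\FwBaseline\baseline.json',  # assumed path
    [switch]$UpdateBaseline   # re-baseline after an approved, reviewed change
)

# Shipped defaults. "NotConfigured" on a profile means the built-in default
# applies (Block inbound, Allow outbound), so both spellings are acceptable.
$ExpectedDefaults = @{
    Enabled               = 'True'
    DefaultInboundAction  = @('NotConfigured', 'Block')
    DefaultOutboundAction = @('NotConfigured', 'Allow')
}

function Get-FirewallSnapshot {
    # Join port/application filters to rules by InstanceID (== rule Name) so
    # the snapshot records what a rule actually opens, not just its label.
    $ports = @{}; Get-NetFirewallPortFilter        | ForEach-Object { $ports[$_.InstanceID] = $_ }
    $apps  = @{}; Get-NetFirewallApplicationFilter | ForEach-Object { $apps[$_.InstanceID]  = $_ }

    $profiles = Get-NetFirewallProfile | Sort-Object Name | ForEach-Object {
        [pscustomobject]@{
            Key                   = "profile:$($_.Name)"
            Enabled               = [string]$_.Enabled
            DefaultInboundAction  = [string]$_.DefaultInboundAction
            DefaultOutboundAction = [string]$_.DefaultOutboundAction
            LogBlocked            = [string]$_.LogBlocked
        }
    }
    $rules = Get-NetFirewallRule | Sort-Object Name | ForEach-Object {
        $p = $ports[$_.Name]; $a = $apps[$_.Name]
        [pscustomobject]@{
            Key       = "rule:$($_.Name)"
            Enabled   = [string]$_.Enabled
            Direction = [string]$_.Direction
            Action    = [string]$_.Action
            Profile   = [string]$_.Profile
            Protocol  = [string]$p.Protocol
            LocalPort = ($p.LocalPort -join ',')
            Program   = [string]$a.Program
        }
    }
    return @($profiles) + @($rules)
}

function Find-NonDefaultProfiles($snapshot) {
    # The hunt itself: has anything moved a profile off the shipped defaults?
    $snapshot | Where-Object { $_.Key -like 'profile:*' } | ForEach-Object {
        if ($_.Enabled -ne $ExpectedDefaults.Enabled -or
            $_.DefaultInboundAction  -notin $ExpectedDefaults.DefaultInboundAction -or
            $_.DefaultOutboundAction -notin $ExpectedDefaults.DefaultOutboundAction) { $_ }
    }
}

function Compare-Snapshot($baseline, $current) {
    # One canonical "name=value;..." line per entry turns Compare-Object into
    # a field-level diff; WAS lines come from the baseline, NOW from live state.
    $toLine = { param($o) ($o.PSObject.Properties | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join ';' }
    Compare-Object -ReferenceObject  @($baseline | ForEach-Object { & $toLine $_ }) `
                   -DifferenceObject @($current  | ForEach-Object { & $toLine $_ }) |
        ForEach-Object {
            $state = if ($_.SideIndicator -eq '=>') { 'NOW' } else { 'WAS' }
            "$state $($_.InputObject)"
        }
}

$current    = Get-FirewallSnapshot
$nonDefault = Find-NonDefaultProfiles $current
if ($nonDefault) { $nonDefault | Format-Table -AutoSize | Out-String | Write-Warning }

if (-not (Test-Path $BaselinePath) -or $UpdateBaseline) {
    # First run: review the warnings above, then this snapshot becomes the
    # reference that every subsequent daily sweep is compared against.
    New-Item -ItemType Directory -Force -Path (Split-Path $BaselinePath) | Out-Null
    $current | ConvertTo-Json -Depth 4 | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath ($($current.Count) entries)"
    exit 0
}

$baseline = Get-Content $BaselinePath -Raw | ConvertFrom-Json
$changes  = @(Compare-Snapshot $baseline $current)
if ($changes.Count -eq 0) { Write-Output 'No firewall changes since last sweep'; exit 0 }

# Monitoring: surface the drift. Assumes the source was registered once with
#   New-EventLog -LogName Application -Source FwBaseline
# so a SIEM that forwards the Application log sees event 4001.
$message = "Windows Firewall drift since baseline:`n" + ($changes -join "`n")
Write-Warning $message
if ([System.Diagnostics.EventLog]::SourceExists('FwBaseline')) {
    Write-EventLog -LogName Application -Source FwBaseline -EntryType Warning -EventId 4001 -Message $message
}
exit 1
```

The non-zero exit on drift is deliberate: a scheduled task's last result then doubles as a cheap health signal, and the event ID gives the detection team a single thing to alert on rather than re-running the hunt. Re-baseline with `-UpdateBaseline` only after a change has been reviewed, otherwise the sweep silently blesses whatever an attacker added.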

If you just hunt, or just monitor, it will improve but much, much slower.
You can follow @tazwake.