Elastic: Ad-Hoc Threat Hunting with Elastic Security

Online

Operationalizing a threat hunting function is a tall order for many security teams. The idea of dedicating a program to pursuing what is by nature unpredictable can seem contradictory. But threat hunting, as daunting as it can seem, is integral to identifying constantly changing adversary behavior.

The first step is to establish a strong methodology for ad-hoc investigation. From there, the same skills, technology, and process can be easily extended to support a formal, scalable hunting practice.

In this webinar, you’ll learn to take that first step. We’ll cover key aspects of a strong ad-hoc methodology for investigation and hunting, which include:

  • Data collection: Immediate access to any and all data that could be relevant
  • Search and analysis: Uninterrupted context gathering and on-the-fly verification
  • Hunting fundamentals: Maintaining a continuous, iterative, and stepwise workflow

Using Elastic Security, we will demonstrate these core pillars in the context of a phishing attack scenario based on APT34 tradecraft, highlighting how to improve hunt effectiveness at each stage of the attack.
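To make the three pillars concrete, here is an added example (not from the webinar and not Elastic's own code) of the stepwise workflow applied to a phishing scenario: start from a lead (an email with an attachment), pivot to the recipient's host to check whether an Office application spawned a shell, then pivot again to the network connections that child process made. The events are constructed for illustration, and the ECS-style field names are an assumption rather than a specific Elastic schema.

```python
"""Ad-hoc hunt over constructed events: lead, pivot, verify, repeat.

The three pivots mirror the pillars above: collect the relevant events,
search them for an initial lead, then iterate step by step to gather
context and verify a suspected chain:
    email with attachment -> Office app spawns a shell -> outbound connection.
All events are constructed for illustration; the field names are an
assumption loosely modelled on ECS naming, not a specific Elastic schema.
"""

# Constructed sample events: one suspicious chain on ws-17 plus benign noise on ws-22.
EVENTS = [
    {"@timestamp": "2020-05-04T09:01:00Z", "event.category": "email", "user.name": "jsmith",
     "host.name": "ws-17", "email.from": "hr-update@example-recruit.net",
     "email.attachment": "offer_letter.doc"},
    {"@timestamp": "2020-05-04T09:02:10Z", "event.category": "process", "host.name": "ws-17",
     "user.name": "jsmith", "process.name": "WINWORD.EXE", "process.pid": 4120,
     "process.parent.name": "explorer.exe", "process.parent.pid": 1200},
    {"@timestamp": "2020-05-04T09:02:45Z", "event.category": "process", "host.name": "ws-17",
     "user.name": "jsmith", "process.name": "powershell.exe", "process.pid": 4388,
     "process.parent.name": "WINWORD.EXE", "process.parent.pid": 4120,
     "process.command_line": "powershell -w hidden -enc SQBFAFgA..."},
    {"@timestamp": "2020-05-04T09:02:50Z", "event.category": "network", "host.name": "ws-17",
     "process.pid": 4388, "destination.domain": "updates-cdn.example-bad.com",
     "destination.port": 443},
    {"@timestamp": "2020-05-04T09:05:00Z", "event.category": "email", "user.name": "akhan",
     "host.name": "ws-22", "email.from": "newsletter@example.com", "email.attachment": None},
    {"@timestamp": "2020-05-04T09:06:00Z", "event.category": "process", "host.name": "ws-22",
     "user.name": "akhan", "process.name": "EXCEL.EXE", "process.pid": 5000,
     "process.parent.name": "explorer.exe", "process.parent.pid": 900},
    {"@timestamp": "2020-05-04T09:07:00Z", "event.category": "network", "host.name": "ws-22",
     "process.pid": 5000, "destination.domain": "sharepoint.example.com",
     "destination.port": 443},
]

# Hypothetical watchlists used by the pivots below.
OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def search(events, **criteria):
    """Return events whose fields equal every key/value in criteria."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def leads_phishing_attachments(events):
    """Pivot 1: emails that carried an attachment, the lead for this hunt."""
    mails = search(events, **{"event.category": "email"})
    return [e for e in mails if e.get("email.attachment")]


def office_child_shells(events, host, user):
    """Pivot 2: on the recipient's host, shells whose parent is an Office app."""
    procs = search(events, **{"event.category": "process", "host.name": host, "user.name": user})
    return [p for p in procs
            if p.get("process.parent.name") in OFFICE_APPS and p.get("process.name") in SHELLS]


def outbound_from_pid(events, host, pid):
    """Pivot 3: network connections made by the suspicious child process."""
    return search(events, **{"event.category": "network", "host.name": host, "process.pid": pid})


def hunt(events):
    """Run the three pivots in sequence and return the verified chains."""
    chains = []
    for mail in leads_phishing_attachments(events):
        host, user = mail["host.name"], mail["user.name"]
        for shell in office_child_shells(events, host, user):
            # Verification step: a shell spawned before the mail arrived is not explained by it.
            if shell["@timestamp"] < mail["@timestamp"]:
                continue
            conns = outbound_from_pid(events, host, shell["process.pid"])
            chains.append({
                "host": host, "user": user, "sender": mail["email.from"],
                "attachment": mail["email.attachment"], "child": shell["process.name"],
                "destinations": [c["destination.domain"] for c in conns],
            })
    return chains


if __name__ == "__main__":
    for chain in hunt(EVENTS):
        print(chain)
```

Each pivot is a separate function so the hunter can stop, inspect the intermediate result, and adjust the next query, which is the iterative workflow the third bullet describes; in Elastic Security the same pivots would be successive KQL or EQL queries against the indexed events rather than in-memory filters.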