Threat Hunting Matrix
This matrix defines the steps of the Threat Hunting Loop for each level of the Threat Hunting Maturity Model:
- Maturing hypothesis creation depends on growing the intel you have at your disposal and leveraging it to craft dynamic new questions.
- Maturing the tools and techniques used to follow up on hypotheses depends on the kinds of hunt procedures you can use and on how powerful your tools' analysis and visualization capabilities are.
- Maturing your pattern and TTP detection depends on expanding the kinds of Indicators of Compromise you can collect from the Pyramid of Pain. This also includes mapping the behaviour trends of adversaries over time to better understand your threat landscape.
- Finally, maturing analytics and automation depends on optimizing how routinely and how effectively you can carry out a hunt and feed the information you gather back into your automated detection systems.
[1]
Relevant Note(s): Threat Hunting