This entry-level course in threat hunting and threat intelligence provides foundational knowledge in threat hunting methodologies and techniques, including the application of information security frameworks, and threat intelligence. This course employs open-source tools to perform threat hunting and analysis in hands-on labs, touching on threat hunting use cases, hunting techniques, and key tactics.

This course is part of the Trellix Cyber Operations team’s Foundations in Incident Response Education (FIRE) track of general defensive security training.

Learners are provided a blend of lecture, discussions, and hands-on labs.

• Define key terms in threat hunting and threat intelligence
• Describe the TaHiTI methodology
• Apply the MaGMa framework for use cases
• Contrast methodologies and the techniques they support
• Identify key tactics and techniques of the adversary
• Use investigative tools for threat hunting

• Course Introduction
• Threat Hunting Overview
• The Adversaries
• Analytical Thinking
• Maturity Methodologies Techniques
• Hunting Tools Overview
• Hunting: Network
• Hunting: Endpoint
• Hunting: Application
• Hunting: Use Cases

This course is intended for beginning threat hunters, incident responders, information security staff, auditors, SOC analysts, investigators, and consultants responsible for threat hunting and threat intelligence.

Students taking this course should have a working knowledge of Windows/Linux/macOS operating systems, and network technologies. Basic understanding of information security, command line syntax, malware, and analytical thinking recommended.