Threat Hunting Levels: From Initial to Defined

Questions and Answers

What is the primary goal of profiling threat actors and activities?

• To generate a hypothesis
• To understand how threat actors function (correct)
• To create a calendar
• To identify the most concerning threats

What is a hypothesis in the Threat Hunting Process?

• A threat intelligence feed
• A malware analysis tool
• A tentative assumption to be tested (correct)
• A confirmed threat

What is the purpose of generating a hypothesis in the Threat Hunting Process?

• To investigate and test a tentative assumption (correct)
• To profile threat actors and activities
• To create a calendar
• To identify the most concerning threats

What is the MITRE ATT&CK Matrix used for?

To categorize and understand attacker tactics (C)

What is the purpose of searching, clustering, grouping, stack counting, and machine learning in the Threat Hunting Process?

To test a hypothesis and investigate an assumption (D)

What is the final step in the Threat Hunting Process?

Act on results (B)

What is the purpose of combining various threat intelligence feeds?

To gain integrated intelligence (D)

What is executable process analysis used for?

To analyze how malware functions (D)

What is the first step in the Threat Hunting Process?

Profile threat actors and activities (A)

What is the purpose of creating a calendar in the Threat Hunting Process?

To organize and prioritize tasks (D)