Threat hunting has become a popular term in recent years, often used as a buzzword. Many organisations have started to adopt the function, or at least assign someone within the security team to take on “hunting” responsibilities.

Over the past 2–3 years, I’ve worked directly in threat hunting, building on a background in Digital Forensics and Incident Response (DFIR) and security monitoring.

While there’s no shortage of books, blogs, reports, and papers on the subject, not all of them are useful, relevant, or even accurate. Each tends to offer its own take on what threat hunting is, how it should be done, and how it fits into broader security operations.

Through a mix of reading, hands-on trial and error, and countless conversations with seasoned professionals, I’ve worked to develop a reliable, consistent, and repeatable methodology for planning, executing, and reporting on a threat hunt.

Introduction

Preparation

Implementation

Reporting

Conclusion

Examples

References