🛡️Use Hunts to conduct end-to-end proactive threat hunting in Microsoft Sentinel🛡️
Proactive threat hunting is a process where security analysts seek out undetected threats and malicious behaviors. By creating a hypothesis, searching through data, and validating that hypothesis, they determine what to act on. Actions can include creating new detections, new threat intelligence, or spinning up a new incident.
📌Common use cases:
Proactively hunt based on specific MITRE techniques, potentially malicious activity, recent threats, or your own custom hypothesis.
Use security-researcher-generated hunting queries or custom hunting queries to investigate malicious behavior.
Conduct your hunts using multiple persisted-query tabs that enable you to keep context over time.
Collect evidence, investigate UEBA sources, and annotate your findings using hunt-specific bookmarks.
Collaborate and document your findings with comments.
Act on results by creating new analytic rules, new incidents, new threat indicators, and running playbooks.
Keep track of your new, active, and closed hunts in one place.
View metrics based on validated hypotheses and tangible results.
📌Prerequisites:
To use the hunts feature, you need to be assigned either a built-in Microsoft Sentinel role or a custom Azure RBAC role.
Want to learn more? 💡