
Prepare Equipment and Team Procedures

Excerpt from "Hunt Methodology" By Christian B.

Introduction

Keeping your analyst workstations and sensor platforms patched and up to date is just as important as securing the network you are defending. Understand that once you integrate your tools into the network, those tools become an additional attack surface on that network. As discussed under Indicator of Compromise (IOC), it is also important during this phase to ensure that all necessary IOCs are loaded into your sensor dashboards to streamline the hunting process.

Team procedures cover the hunting process, the roles within the team (host analyst, network analyst, etc.), and the reporting process the team will follow.


Last updated 2 years ago