2026-04-07 01-22-58_Clip_Clip-02-02_Clip
May 31, 2026 23:36
· 14:04
· English
· Whisper Turbo
· 2 speakers
2:42
Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
Before an organization is ready to actually perform any threat hunts, there are some steps that need to go in for preparation in order to be successful in the threat hunting process. So some of those steps are going to consist of having the right threat hunting personnel. And this could be threat hunting teams or just individuals who are doing the threat hunts that may have multiple different responsibilities as well. And we'll talk about a lot of these in more detail either in this course or in later courses as part of the threat hunting learning path. Making sure we have the correct data and the appropriate

3:22
Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
data.

3:23
Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
This is going to be your logs, your events from all the appropriate sources across the infrastructure for the organization. And we'll talk about specifically what kind of things should be logged in a later video in this course. Making sure we have the appropriate tools to collect those logs and all of the events in one place to aggregate them together, and then a place to assist with the analysis. A lot of times that's going to be the same system. And then whatever additional tools might be needed as well, like maybe packet capture or packet analysis utilities. For more advanced threat hunts, maybe memory analysis or disk analysis utilities; those two are typically going to be more of your digital forensics types of tools. But again, for the more advanced threat hunts, they can definitely come in handy. And then making sure that the hunters have proper access to not just the tools they need and the logging systems, but additionally to any of the systems that might need further in-depth analysis. Now, in some cases, this may be handled by more of the incident response team, but it's still a good idea to make sure the threat hunters have access to them as well if needed. And then making sure that the organization has access to the proper intelligence information. This is going to be sources of information about current threats, about new threats. And this can be either internally generated or come from an external source like a paid intelligence feed or an open source intelligence source. And we'll talk about threat intelligence specifically in a separate course in this learning path as well.

So let's start by talking about the threat hunting teams. It's kind of a loose definition for these threat hunting teams. There's not really standard definitions for these. It's really going to be based on the size of the organization, the industry the organization is a part of, what systems the organization has, and just the general needs of the organization when it comes to threat hunting. But we start out with what's known as an ad hoc threat hunter. This is going to be usually one person that may have multiple different job roles in the IT department, maybe the security department. This is typically going to be something you find in much smaller organizations that may either have no formalized cybersecurity team or maybe just a very small security team. Again, this person is going to have multiple different roles, typically just in the IT department itself. Most of these threat hunts are going to be very specifically task

6:16
Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
-oriented.

6:17
Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
They're going to not occur very often just from the simple fact that the infrastructure is probably going to be smaller and there's going to be just less time for that individual to be able to carry out the threat hunts. And threat hunts in an organization this size are going to be... I don't want to say less important, but less critical to the security because they're just less of a target. Now, again, that is going to depend on the risk assessment for the organization. And again, these aren't really standard definitions. This is just kind of a place to start out to figure out what these may look like.

So moving up from there, we have usually an individual person or maybe a couple of people in an organization that have multiple roles again, but much more specific. They have roles of being an analyst and a threat hunter, so specifically in cybersecurity. This is going to be most common in a lot of your medium-sized organizations. This is going to be where your analyst or a SOC analyst is also going to be responsible for threat hunting. Those two skills very commonly go very well together. A good threat hunter typically makes a very good analyst and the other way around as well, because a lot of threat hunting is analysis of data and kind of drawing conclusions and kind of chasing down what's happening in the infrastructure based on that information.

And then we have our dedicated threat hunting teams. These are going to be found in your much larger organizations. They're the most specialized out of all of this. This is where you have typically several members as part of this team, and their sole purpose is threat hunting. Again, mostly found in your larger organizations, maybe government agencies and things like that, where it's a dedicated team that does nothing but threat hunting.

The next thing we will look at is what kind of software and various types of systems are needed in an organization to be prepared for threat hunting. Threat hunting involves going through and analyzing and looking through data, and it requires that data to be in place and be accessible before the hunt can occur. This is typically going to come from logs from multiple different systems that are all pulled into one central location, typically into what is known as a SIEM or SIM, depending on how you want to pronounce it. This stands for a Security Information and Event Management

8:50
Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
System.

8:51
Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
This also, most of the time, is going to provide the location for searching those logs

8:58
Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
as well.

8:59
Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
You can search the logs in kind of one dashboard, and you can search the logs across those multiple systems because they're all pulled from those systems into one location. Two of the most common pieces of software for this are Splunk and what's known as the ELK Stack. ELK in this situation, or in this instance, there we go, stands for Elasticsearch, Logstash, and Kibana. Three different tools kind of lumped into one utility here.

Other tools that are usually, or that are very commonly, found with threat hunts are packet capture and packet analysis tools. The most common one that you see is going to be Wireshark. You'll see that most often. There are several other tools, Wireshark being the most common. It is cross-platform, so it can be used on various different systems.

Then we can't forget our antivirus and EDR systems, and we talked about these before. They're not a replacement for threat hunting. Threat hunting isn't a replacement for them, I guess, is what I should have said there. But the information that comes out of them can be unique. These systems can provide a lot of additional information and data that might not be included in other logs. And when we're performing threat hunts, more information is always good because it gives us more places to look and just more data that can be used for that analysis.

And then our threat intelligence information. Again, there's many different places this can come from. Again, multiple different types of data feeds, whether they're paid or open source, an in-house team that's generating and creating threat intelligence reports, usually going to be in your larger organizations, third-party vendors; there's a number of different locations where threat intelligence can come from. Again, we're going to talk about threat intelligence in a lot more detail in another course in this learning path.

Then we get into our preparation for our logs. So we've gone over kind of that we need logs, but we need to make sure that we have the logs that

11:07
Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
we need,

11:07
Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
the appropriate logs, that they are all being collected ideally in one location, saved in that location. And we're talking about logs from endpoints across the environment, any servers, network devices, our authentication servers, cloud systems, applications. Pretty much anything that connects to the network and can generate logs is a good source of information for threat hunting. So we're collecting all of those logs, but we need to keep an eye on how long we are keeping those logs

11:40
Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
for.

11:41
Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
This is what's referred to as our log retention. They have to be kept for an appropriate amount of time. And "appropriate" is going to have a different definition in every organization. Some organizations may have legal requirements for how long they keep logs, but a lot of the retention here is going to vary based on the amount of logs being collected, the storage space available for those logs, because naturally, if you're collecting more logs, you're going to need more storage. And if you have this kind of a static amount of storage and you're collecting more logs, that means you have to retain them for a lower amount of time. So it's kind of a balancing act there between how long you maintain those logs, the volume of logs you're collecting, the number of systems you're collecting from, and how much space you can allocate for those

12:40
Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
logs.

12:41
Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-02_Clip)
And very frequently, it's important, especially with Windows systems, to have some additional software to kind of provide more detailed logs. And in Windows systems, we're specifically looking at a tool from Microsoft's Sysinternals suite known as Sysmon. This is an application that can be installed on systems that can generate a lot more information in the logs themselves. And by the access information, they have specific event IDs that can be included in these logs that are very useful in threat hunting. For example, we can see here on Microsoft's website for Sysmon, they've kind of given examples of some of the event IDs, such as event ID 1 that comes in when new processes are created. Event ID 3 is a good one to use for threat hunting. This one is logged when new network connections, either TCP or UDP, are made on a specific machine. Processes being ended, various images being loaded, remote threads can be useful. This is when a process is creating a thread in another process. Very common, a technique used by malware to inject.
This transcript was generated by AI (automatic speech recognition). It may contain errors; check it against the original audio before relying on it.