Threat Hunting & Anomaly Detection Lab
Threat Hunting & Anomaly Detection Lab Overview Threat hunting is a proactive cybersecurity approach that involves identifying potential security threats before they cause harm. This lab introduces students to threat hunting techniques, anomaly detection strategies, and behavioral analysis methods to detect advanced threats that evade traditional security tools. Lab Instructions 1. Setting Up Your Environment You will need: A SIEM platform (Splunk, Wazuh, or ELK Stack) Access to MITRE ATT&CK, VirusTotal, and AlienVault OTX A dataset containing logs from a simulated network breach (provided by instructor) Install required tools (if using Wazuh on Debian-based OS) sudo apt update && sudo apt install wazuh-agent 2. Collecting Security Data for Threat Hunting Threat hunters use logs from multiple sources, including: ...