White papers

SANS: Threat hunting with consistency

Start framing threat hunts in the vocabulary of MITRE’s ATT&CK Matrix. By describing a hunt first at the tactic level, with terms like privilege escalation, lateral movement, and exfiltration, you state the threat actor’s intent before drilling into the specific techniques and data sources that would reveal it.


Publication date: December 13, 2019

In this paper, we introduce a different, and perhaps new, technique for threat hunting: using MITRE’s ATT&CK Matrix as an ongoing vocabulary. By associating each hunt with known threat actor objectives, tactics and techniques, you stop treating a hunt as a one-off activity and instead ask how an attacker could achieve that objective within your environment. Furthermore, we believe that if you “speak ATT&CK” when hunting, your team gains a common vocabulary for describing the desired result of a hunt, and for comparing one hunt with the next.
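One concrete way to “speak ATT&CK” is to make the tactic and technique fields of every hunt record a controlled vocabulary, so that “lateral-movement”, “Lateral movement” and “TA0008” all resolve to the same tactic and anything outside the matrix is rejected; the same records then show which tactics have no hunt behind them. The following Python is an added example, not code from the paper or from Vectra or SANS. The tactic IDs and names are the twelve Enterprise tactics of the late-2019 ATT&CK matrix and the technique IDs are real ATT&CK IDs; the hunt catalogue and its names are constructed for illustration.

```python
"""Tag hunt hypotheses with ATT&CK tactics and report coverage gaps.

Added example, not from the paper. Tactic IDs/names are the ATT&CK
Enterprise tactics current in late 2019; HUNT_CATALOGUE is constructed.
"""
import re
from collections import defaultdict

# ATT&CK Enterprise tactics (late-2019 matrix), keyed by tactic ID.
TACTICS = {
    "TA0001": "Initial Access",
    "TA0002": "Execution",
    "TA0003": "Persistence",
    "TA0004": "Privilege Escalation",
    "TA0005": "Defense Evasion",
    "TA0006": "Credential Access",
    "TA0007": "Discovery",
    "TA0008": "Lateral Movement",
    "TA0009": "Collection",
    "TA0010": "Exfiltration",
    "TA0011": "Command and Control",
    "TA0040": "Impact",
}

# Technique IDs look like T1021; sub-technique IDs (T1021.001) were added in 2020.
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")


def _key(text):
    """Collapse case, punctuation and whitespace so spelling variants compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


# Lookup table accepting either the canonical name or the tactic ID.
_BY_KEY = {_key(name): name for name in TACTICS.values()}
_BY_KEY.update({_key(tid): name for tid, name in TACTICS.items()})


def normalize_tactic(text):
    """Map free text ('lateral-movement', 'TA0008') to the canonical ATT&CK tactic name.
    Raises ValueError for anything outside the controlled vocabulary."""
    name = _BY_KEY.get(_key(text))
    if name is None:
        raise ValueError(f"not an ATT&CK tactic: {text!r}")
    return name


def validate_hunts(hunts):
    """Split hunt records into those that speak ATT&CK and those that do not.
    Each record is a dict with 'name', 'tactic' and 'technique' keys."""
    accepted, rejected = [], []
    for h in hunts:
        try:
            tactic = normalize_tactic(h["tactic"])
        except ValueError as err:
            rejected.append((h["name"], str(err)))
            continue
        if not TECHNIQUE_ID.match(h["technique"]):
            rejected.append((h["name"], f"bad technique id {h['technique']!r}"))
            continue
        accepted.append({**h, "tactic": tactic})
    return accepted, rejected


def hunts_by_tactic(hunts):
    """Group accepted hunt names under their canonical tactic."""
    grouped = defaultdict(list)
    for h in hunts:
        grouped[h["tactic"]].append(h["name"])
    return dict(grouped)


def coverage_gaps(hunts):
    """Tactics with no accepted hunt: attacker objectives nobody is hunting for yet."""
    covered = {h["tactic"] for h in hunts}
    return [t for t in TACTICS.values() if t not in covered]


# Constructed hunt catalogue; analysts wrote the tactic field in different styles.
HUNT_CATALOGUE = [
    {"name": "Scheduled task created by non-admin then run as SYSTEM",
     "tactic": "privilege_escalation", "technique": "T1053"},
    {"name": "RDP between workstations with no jump host",
     "tactic": "Lateral movement", "technique": "T1021"},
    {"name": "Outbound DNS TXT volume per host",
     "tactic": "TA0010", "technique": "T1048"},
    {"name": "Big zip files leaving",  # 'exfil' is not in the vocabulary
     "tactic": "exfil", "technique": "T1048"},
]

if __name__ == "__main__":
    ok, bad = validate_hunts(HUNT_CATALOGUE)
    for tactic, names in hunts_by_tactic(ok).items():
        print(f"{tactic}: {names}")
    print("rejected:", bad)
    print("no hunts yet for:", coverage_gaps(ok))
```

The rejected record is the point of the exercise: a hunt filed under “exfil” would never line up with one filed under “Exfiltration” when the team reviews coverage, so the catalogue refuses it until the analyst picks a term from the matrix. The gap list turns the same records into the next hunting backlog.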
