In this discussion, we present a new way of thinking about network threat hunting and AI. The common practice today is that most analysts search for attackers based on threat intelligence, signature rules passed between organizations and hunches. This requires labor intensive processes that are dependent on individual analysts and result in inconsistency in execution. This is an opportunity for attackers.

This discussion proposes an approach that holistically thinks about threat hunting from initial signals to closure; and how to create automated and repeatable patterns for a security team. Breaking from the usual threat hunting techniques centered around an analyst’s manual signature rule management and rule creation from threat intelligence, knowledge, and hunches. Instead evidence-based security research is used to train machine learning algorithms to provide vision and efficiency without significant labor and risking human error.