Threat hunting is a proactive approach: rather than waiting for an alert, an analyst forms a hypothesis about how an attacker might be operating and searches data sources such as logs, network traffic, and endpoint telemetry for evidence of threats that have evaded automated detection. The process typically involves several steps: hypothesis generation, data collection, analysis, and response.
Argus offers several capabilities that assist security teams in hunting threats within their environment, empowering them to take rapid actions to contain the threat and prevent further damage.
Accessing Threat Hunting
- Log in to the Argus Web Interface: Open your web browser and navigate to the Argus URL provided by your organization. Log in with your credentials.
- Navigate to Threat Hunting: From the dashboard, under Threat Intelligence in the left-hand menu, select Threat Hunting.
Using Threat Hunting
- Select a Time Range: Use the time range selector at the top to choose the period you want to investigate.
- Filter by Criteria: Use the filter options to narrow down your search by agent, event type, severity, and other criteria.
- Analyze Events: Examine the list of events generated during the selected time period. Click on any event to view detailed information.
- Search and Query: Utilize the search bar to perform specific queries on event data.
Example Use Case
- Identifying Suspicious Activity: Filter events to high severity within the chosen time range, then group them by agent, source address, or user to find clusters and outliers. A burst of events from one source, or an agent that suddenly produces far more high-severity events than its peers, is the kind of unusual pattern that indicates a potential threat and warrants drilling into the individual events.
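The following is an added example of the filter, analyze, and query sequence above and of the high-severity use case, run offline against an event export. It is not Argus code and does not use the Argus query language; the JSON field names (ts, agent, type, severity, src_ip, user) and the sample events are constructed for this example. The hunt hypothesis it implements is a common one: a burst of authentication failures from one source followed by a success from the same source within a short window.

```python
"""Offline threat hunt over exported events (example, not Argus's own code)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample export, one JSON event per line. The field names are an
# assumption for this example, not the Argus event schema.
SAMPLE_EXPORT = """\
{"ts": "2024-05-01T08:00:00Z", "agent": "db-01", "type": "auth_failure", "severity": "medium", "src_ip": "192.0.2.9", "user": "svc_backup"}
{"ts": "2024-05-01T08:01:00Z", "agent": "db-01", "type": "auth_failure", "severity": "medium", "src_ip": "192.0.2.9", "user": "svc_backup"}
{"ts": "2024-05-01T09:58:10Z", "agent": "web-01", "type": "auth_failure", "severity": "medium", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2024-05-01T09:58:40Z", "agent": "web-01", "type": "auth_failure", "severity": "medium", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2024-05-01T09:59:05Z", "agent": "web-01", "type": "auth_failure", "severity": "medium", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2024-05-01T09:59:30Z", "agent": "web-01", "type": "auth_failure", "severity": "medium", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2024-05-01T10:00:01Z", "agent": "web-01", "type": "auth_success", "severity": "low", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2024-05-01T10:00:30Z", "agent": "web-01", "type": "new_service_installed", "severity": "high", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2024-05-01T10:05:00Z", "agent": "web-02", "type": "auth_failure", "severity": "medium", "src_ip": "198.51.100.4", "user": "jdoe"}
{"ts": "2024-05-01T10:06:00Z", "agent": "web-02", "type": "auth_success", "severity": "low", "src_ip": "198.51.100.4", "user": "jdoe"}
{"ts": "2024-05-01T10:10:00Z", "agent": "db-01", "type": "file_modification", "severity": "high", "src_ip": "10.0.0.5", "user": "root"}
"""


def parse_events(text):
    """Parse one JSON event per line, convert ts to an aware datetime, sort by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def filter_events(events, start, end, agent=None, event_type=None, min_severity=None):
    """Time range selection plus the optional agent / event type / severity filters."""
    floor = SEVERITY_RANK[min_severity] if min_severity else 0
    return [e for e in events
            if start <= e["ts"] < end
            and (agent is None or e["agent"] == agent)
            and (event_type is None or e["type"] == event_type)
            and SEVERITY_RANK.get(e["severity"], 0) >= floor]


def high_severity_by_agent(events):
    """Example use case: count high-or-worse events per agent, busiest first."""
    counts = defaultdict(int)
    for e in events:
        if SEVERITY_RANK.get(e["severity"], 0) >= SEVERITY_RANK["high"]:
            counts[e["agent"]] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def hunt_brute_force_success(events, threshold=3, window_seconds=300):
    """Hypothesis: >= threshold auth failures from one (src_ip, user) followed by a
    success from the same pair within window_seconds means a credential attack worked.
    Expects events sorted by ts (parse_events guarantees this)."""
    by_source = defaultdict(list)
    for e in events:
        if e["type"] in ("auth_failure", "auth_success"):
            by_source[(e["src_ip"], e["user"])].append(e)
    window = timedelta(seconds=window_seconds)
    findings = []
    for (src, user), evs in by_source.items():
        failures = []
        for e in evs:
            if e["type"] == "auth_failure":
                failures.append(e["ts"])
                continue
            recent = [t for t in failures if e["ts"] - t <= window]
            if len(recent) >= threshold:
                findings.append({"src_ip": src, "user": user, "agent": e["agent"],
                                 "failures": len(recent),
                                 "first_failure": recent[0].isoformat(),
                                 "success_at": e["ts"].isoformat()})
            failures = []  # a success resets the burst
    return findings


def run_hunt(export_text=SAMPLE_EXPORT, agent=None, threshold=3, window_seconds=300):
    """Whole procedure: time range (09:00-11:00 UTC on the sample day), filters, analysis."""
    start = datetime(2024, 5, 1, 9, tzinfo=timezone.utc)
    in_range = filter_events(parse_events(export_text), start, start + timedelta(hours=2), agent=agent)
    return {"in_range": len(in_range),
            "high_by_agent": high_severity_by_agent(in_range),
            "findings": hunt_brute_force_success(in_range, threshold, window_seconds)}


if __name__ == "__main__":
    result = run_hunt()
    print(f"{result['in_range']} events in range")
    for name, n in result["high_by_agent"]:
        print(f"  high severity on {name}: {n}")
    for f in result["findings"]:
        print(f"  FINDING {f['src_ip']} -> {f['user']}@{f['agent']}: "
              f"{f['failures']} failures then success at {f['success_at']}")
```

Note how the time range alone drops the db-01 failures from before 09:00, and how the threshold and window decide what counts as a burst: the same data yields a finding for 203.0.113.7 at the defaults, but nothing with a 30-second window, which is why a hunt hypothesis should state its parameters explicitly before results are trusted.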