Would be great to see a "ThreatHunting" Section added along with "Alerts" and "Cases".
The use case here would be to track internal threat hunts, and then, if needed, it can be escalated/migrated to a case (similar to an alert). In other words, if a defined threat hunt would lead to a true positive outcome, the casing logic can be utilized (similar to an Alert>Case workflow).
Using the structure of the "Cases" module as a template, the Threat Hunting logic can be very similar, with the only difference being that a hunt would be escalated to an incident/case or tagged as a false finding.
Thanks!!!