Threat Hunting and Cyber Threat Intelligence
Hunt adversaries across endpoint, network, identity and cloud, and build a full CTI capability from requirements to detection.
A full defensive programme. You hunt across every telemetry source — Windows, Linux, network, identity, AD, cloud and SaaS — apply MITRE ATT&CK and structured analysis throughout, convert findings into detection content, and finish able to design and run enterprise hunt and CTI programmes with reporting from tactical to strategic.
Foundations of hunting and CTI and how they work together.
The technical grounding a hunter and analyst needs.
Threat types, motivations and adversary categories.
ATT&CK, Kill Chain and the Diamond Model in practice.
The intelligence cycle and core analytic concepts.
Building PIRs and managing intelligence stakeholders.
Collecting intelligence across sources and feeds.
Enriching, scoring and validating indicators of compromise.
The logs and telemetry that make hunting possible.
Querying security data to test hunt hypotheses.
Structured, hypothesis-driven hunting end to end.
Hunting adversary behaviour on Windows endpoints.
Hunting adversary behaviour on Linux endpoints.
Hunting across network, DNS and web telemetry.
Hunting identity and Active Directory attacks.
Hunting across cloud and SaaS environments.
Applying structured analytic techniques to intelligence.
Profiling actors and analysing campaigns.
Converting hunts into Sigma, YARA and detection rules.
Hunting advanced and evasive adversary tradecraft.
Forensic hunting and building attack timelines.
Hunting across large enterprise estates.
MISP, OpenCTI and STIX/TAXII in practice.
Automating hunts and intelligence workflows.
Running operations driven by intelligence.
Strategic intelligence and executive-level reporting.
Designing an enterprise threat-hunting programme.
Designing and governing a CTI programme.
Advanced analytics and AI-assisted hunting.
Validating detections through adversary emulation.
An end-to-end intelligence-led threat operation.
SOC Analysts & Threat Hunters
Analysts moving from reactive alerting to proactive, hypothesis-driven hunting.
CTI Analysts
Those building intelligence requirements, collection, analysis and reporting capability.
Incident Responders & DFIR
Responders who want structured hunting and timeline analysis to accelerate investigations.
Security Leads & Detection Engineers
Professionals designing hunt and CTI programmes and building detection content.
Full telemetry coverage
Hunt across Windows, Linux, network, identity, AD, cloud and SaaS — not one surface.
ATT&CK-driven throughout
Every hunt and analysis is mapped to MITRE ATT&CK and intrusion frameworks.
Hunt-to-detection pipeline
Convert hunt findings into Sigma, YARA and reusable detection content.
Programme & reporting
Design enterprise hunt/CTI programmes and deliver tactical-to-strategic reports.
Interested in this course? Our team will reach out within 1 business day.
Enquire Now