This post explores the core methodologies found in the definitive guide,
| Purpose | Tool | |---------|------| | Log collection | Elastic Stack (ELK), Wazuh, Graylog Open | | Query & visualization | Jupyter notebooks, Apache Superset, Kibana | | IOC scanning | Loki (free YARA scanner), ClamAV | | TI feeds (free) | MISP (open source), AlienVault OTX, Feodo Tracker, URLhaus | | Hunting queries | Threat Hunter Playbook (Neo23x0), Sigma rules, Splunk BOTS | This post explores the core methodologies found in
Practical Threat Intelligence and Data-Driven Threat Hunting This post explores the core methodologies found in