[FR] ThreatHunting Section
YouBaxter opened this issue · comments
YouBaxter commented
Would be great to see a "ThreatHunting" Section added along with "Alerts" and "Cases".
The use case here would be to track internal threat hunts, and then, if needed, they can be escalated/migrated to a case (similar to an alert). In other words, if a defined threat hunt leads to a true positive outcome, the casing logic can be utilized (similar to an Alert > Case workflow).
Using the structure of the "Cases" module as a template, the Threat Hunting logic can be very similar, with the only difference being that a hunt would be escalated to an incident/case or tagged as a false finding.
Thanks!!!