During the cyber threat hunting cycle, what is the next step after the analyst has created a hypothesis?
- Based on the hypothesis, discover a pattern or the attacker’s tactics, techniques, and procedures.
- Document the hypothesis.
- Investigate the specific IOCs to determine what activities support them.
- Perform an investigation to validate the hypothesis.
Explanation & Hint:
During the cyber threat hunting cycle, after an analyst has created a hypothesis, the next step is typically to perform an investigation to validate the hypothesis. This step involves actively looking for evidence within the organization’s systems and networks to confirm or refute the hypothesis. The investigation could involve analyzing network traffic, logs, and system activities to identify any anomalies or patterns that match the expectations set by the hypothesis. If the hypothesis is validated, the analyst can then move forward with further actions, such as containment and remediation. If it is refuted, the analyst may need to revise the hypothesis or develop a new one.