RA-10: Threat Hunting
From NIST's SP800-53:
a. Establish and maintain a cyber threat hunting capability to:
   1. Search for indicators of compromise in organizational systems; and
   2. Detect, track, and disrupt threats that evade existing controls; and
b. Employ the threat hunting capability [Assignment: organization-defined frequency].
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1190 | Exploit Public-Facing Application | Initial Access |
T1212 | Exploitation for Credential Access | Credential Access |
T1195.002 | Compromise Software Supply Chain | Initial Access |
T1195.001 | Compromise Software Dependencies and Development Tools | Initial Access |
T1211 | Exploitation for Defense Evasion | Defense Evasion |
T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
T1210 | Exploitation of Remote Services | Lateral Movement |
T1195 | Supply Chain Compromise | Initial Access |