Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Hypothesis-driven threat hunting starts with a testable assumption, often from MITRE ATTACK, then searches telemetry to confirm or refute adversary activity.
Hypothesis-Driven Threat Hunting Definition: Hypothesis-driven threat hunting starts with a testable assumption, often from MITRE ATTACK, then searches telemetry to confirm or refute adversary activity.
Hypothesis-driven threat hunting is a proactive detection methodology in which analysts begin with a specific, testable assumption about how an adversary might be operating in their environment, frequently derived from MITRE ATTACK techniques or current threat intelligence. The hunter then queries logs, endpoint telemetry, and network data to confirm or refute the hypothesis. This structured approach helps surface stealthy threats that evade automated, signature-based detection and feeds findings back into new detections.
Hypothesis-Driven Threat Hunting is one of the topics you'll master in the CySA+ Boot Camp.
CySA+ Boot Camp →