
[FR] ThreatHunting Section

Open YouBaxter opened this issue 1 year ago • 0 comments

Would be great to see a "ThreatHunting" Section added along with "Alerts" and "Cases".

The use case here would be to track internal threat hunts, and then, if needed, it can be escalated/migrated to a case (similar to an alert). In other words, if a defined threat hunt would lead to a true positive outcome the casing logic can be utilized (similar to an Alert>Case workflow).

Using the structure of the "Cases" module as a template, the Threat Hunting logic can be very similar, with the only difference being that it would be escalated to an incident/case or tagged as a false finding.

Thanks!!!

YouBaxter, Feb 09 '24 00:02