Chapter 11, Writing the Incident Report, provided the details necessary for incident responders to properly report on their activities and their findings. Reporting on a threat hunt is just as critical, as it affords managers and policymakers insight into the tools, techniques, and processes utilized by the hunt team, as well as providing potential justification for additional tools or for modifying existing processes. The following are some of the key elements of a threat hunt report:
- Executive summary: This high-level overview of the actions taken, the indicators discovered, and whether the hunt proved or disproved the hypothesis provides decision-makers with a short narrative that can be acted upon.
- Threat hunt plan: The plan, including the threat hunt hypothesis, should be included as part of the threat hunt report. This provides the reader with the various details...