Threat Hunting Techniques

Threat Hunting Techniques

位教师：Archan Choudhury

访问权限由 Coursera Learning Team 提供

6个模块

深入了解一个主题并学习基础知识。

中级等级

推荐体验

9 小时完成

灵活的计划

自行安排学习进度

6个模块

深入了解一个主题并学习基础知识。

中级等级

推荐体验

9 小时完成

灵活的计划

自行安排学习进度

您将学到什么

Explore the threat hunting lifecycle and how ML augments hypothesis-driven investigation.
Analyze raw log data by cleaning, enriching, and visualizing it using Pandas, Seaborn, and Matplotlib in Jupyter.
Apply anomaly detection techniques such as Isolation Forest and DBSCAN on telemetry data.
Design and execute a complete ML-based hunt in Splunk and Jupyter to detect suspicious behavior.

您将获得的技能

Unsupervised Learning
Automation
MLOps (Machine Learning Operations)
Splunk
Data Analysis
Threat Detection
Cyber Threat Hunting
Interactive Data Visualization
Applied Machine Learning
Cybersecurity
Data Preprocessing
Anomaly Detection
Pandas (Python Package)
Security Information and Event Management (SIEM)
Data Cleansing
Data Science
Jupyter
技能部分已折叠。显示 9 项技能，共 17 项。

要了解的详细信息

可分享的证书

添加到您的领英档案

作业

4 项作业

授课语言：英语（English）

了解顶级公司的员工如何掌握热门技能

了解关于 Coursera for Business 的更多信息

Petrobras, TATA, Danone, Capgemini, P&G 和 L'Oreal 的徽标

该课程共有6个模块

In today’s rapidly evolving digital landscape, cyber threats are becoming increasingly sophisticated and elusive. Attackers employ advanced techniques to infiltrate systems, often bypassing traditional security measures. For security professionals, this presents a significant challenge: how can we defend against threats that are designed to evade detection? The answer lies in integrating data science with modern security practices.

This course is specifically designed for defenders who want to stay ahead of emerging threats by blending human intuition with machine-driven analytics. In the age of data overload, it’s not enough to simply rely on outdated detection approaches. Defenders need to harness the power of modern data science tools and techniques to uncover hidden anomalies, detect behavioral patterns, and identify subtle signals of compromise that may otherwise go unnoticed. This course equips you with the skills needed to navigate and combat the evolving cybersecurity landscape by utilizing cutting-edge techniques in data science. Throughout the course, you will dive deep into log analysis, threat detection hypotheses, and machine learning models applied to real-world cybersecurity scenarios. You will gain hands-on experience using industry-standard tools like Splunk and Jupyter Notebooks, allowing you to apply what you’ve learned to live data and active threats in your organization or in a training environment. This course is built for defenders who want to sharpen their hunting instincts and use data more effectively. It’s ideal for SOC analysts ready to move beyond alert triage, threat hunters who want to uncover deeper behavioral patterns, blue team engineers looking to build repeatable detection workflows, and cybersecurity students eager to gain hands-on experience with tools like Splunk and Jupyter. Learners should come in with a basic understanding of Python, familiarity with common log formats, and a solid grasp of core cybersecurity concepts. With these foundations in place, you’ll be able to move comfortably into the data-driven workflows and hands-on hunting techniques explored throughout the course. By the end, you’ll understand the full threat hunting lifecycle and how machine learning strengthens hypothesis-driven investigations. You’ll be able to clean, enrich, and visualize raw telemetry; apply anomaly detection techniques like Isolation Forest and DBSCAN; and design a complete ML-powered hunt in Splunk and Jupyter that detects suspicious behavior with clarity and confidence.

In this course, you’ll learn how to combine threat hunting fundamentals with data science techniques to uncover hidden threats that traditional security tools often miss. You’ll work with real log data, build hunting hypotheses, and apply machine learning models to detect anomalies, behavioral patterns, and subtle signs of compromise across enterprise environments. Through guided instruction, hands-on labs, and practical examples using Splunk and Jupyter Notebooks, you’ll develop the skills to operationalize ML-powered threat hunts, strengthen detection workflows, and respond more effectively to advanced, evasive attackers.

涵盖的内容

1个视频1篇阅读材料

In this module, you’ll explore what threat hunting really means and why it has become essential for modern security teams. We’ll break down how hunters move beyond automated tools to search for hidden or unusual activity that may signal an active compromise. You’ll learn the core concepts, terminology, and frameworks that shape effective hunting, along with the mindset of assuming adversaries may already be inside your environment. By the end, you’ll understand why proactive hunting is critical for stopping attacks early, reducing impact, and strengthening your overall detection strategy.

涵盖的内容

10个视频1篇阅读材料1个作业1次同伴评审1个讨论话题

10个视频总计64分钟

Module Introduction 3分钟
Overview of Threat Hunting Concepts and Importance 5分钟
How to Plan Threat Hunt 9分钟
How to Document Threat Hunt 8分钟
Hunting Methodologies 6分钟
Telemetry and Data Sources 7分钟
Essential Tools for Threat Hunting 6分钟
Explore MITRE ATT&CK 8分钟
How to Use MITRE Navigator 6分钟
From ATT&CK to Action: Building a Hunt Matrix for Real Threats 6分钟

1篇阅读材料总计5分钟

MITRE Framework 5分钟

1个作业总计20分钟

Introduction to Industrial Threat Hunting 20分钟

1次同伴评审总计10分钟

Hands-On-Learning: Performing Threat Actor Profiling Using MITRE ATT&CK and MITRE Navigator 10分钟

1个讨论话题总计10分钟

The Impact of Proactive Threat Hunting in Your Environment 10分钟

In this module, you’ll learn how data science strengthens modern threat hunting by helping you make sense of large, noisy security datasets. We’ll walk through the essentials of cleaning and shaping log data, visualizing behaviors, and building simple machine learning models to spot anomalies. You’ll get hands-on practice with Python tools like pandas, scikit-learn, and Jupyter Notebooks, and see how these techniques feed into SIEM platforms such as Splunk and Elastic. By the end, you’ll understand how data science supports faster detection, smarter investigations, and repeatable, automated hunting workflows.

涵盖的内容

10个视频1篇阅读材料1个作业1次同伴评审1个讨论话题

10个视频总计69分钟

Module Introduction 3分钟
Parsing and Cleaning Logs 5分钟
Techniques for Log Parsing and Cleaning 6分钟
Effective Log Parsing and Cleaning Techniques 7分钟
Introduction to Feature Engineering 6分钟
Visualizing Behaviors 12分钟
Threat Hunting Visualization 6分钟
What is Security-Focused Visualization 7分钟
Create Your Own Visualization 8分钟
Top Security Visualizations Every Threat Hunter Should Use 9分钟

1篇阅读材料总计5分钟

Effective Data Visualization 5分钟

1个作业总计20分钟

Data Science for Cybersecurity 20分钟

1次同伴评审总计16分钟

Hands-On-Learning: Building a Security Visualization to Detect Anomalous Login Activity 16分钟

1个讨论话题总计10分钟

Data Cleaning as the Foundation of Threat Hunting 10分钟

In this module, you’ll explore the unsupervised machine learning techniques that power modern anomaly detection in security environments. We’ll break down how models like Isolation Forest, DBSCAN, Z-Score Analysis, and One-Class SVM uncover unusual patterns without relying on labeled data. You’ll practice applying these algorithms to real-world scenarios such as suspicious logins, odd network traffic, and unusual system behavior. By the end, you’ll understand how these ML methods help you surface hidden threats that traditional rules often overlook.

涵盖的内容

10个视频1篇阅读材料1个作业1次同伴评审1个讨论话题

10个视频总计67分钟

Module Introduction 3分钟
Introduction to Unsupervised ML 4分钟
Understand Different Process of Unsupervised Learning Models 6分钟
Evaluating and Tuning ML Models 5分钟
Suspicious Login Hunting 11分钟
Graphical Representation of Anomaly 11分钟
Event Correlation 7分钟
General Pitfalls in Threat Detection 5分钟
Different ML Techniques 5分钟
How to Choose Best ML Model 9分钟

1篇阅读材料总计5分钟

Splunk Machine Learning Toolkit Guide 5分钟

1个作业总计20分钟

ML Algorithms for Threat Detection 20分钟

1次同伴评审总计10分钟

Hands-On-Learning: Performing an ML-Based Hunt to Detect Anomalous Login Activity 10分钟

1个讨论话题总计10分钟

Overcoming Challenges in ML Model Tuning 10分钟

In this module, you’ll learn how to turn machine learning models and analytical techniques into practical, repeatable threat-hunting workflows. We’ll walk through how to ingest and prepare data in Splunk, write SPL for clean feature inputs, and build detection notebooks that analyze and score events in Jupyter. You’ll also see how both platforms work together to run full end-to-end hunts, from data extraction to investigation. By the end, you’ll be able to operationalize ML-driven detections and apply them directly to real security telemetry.

涵盖的内容

10个视频1篇阅读材料1个作业1次同伴评审1个讨论话题

10个视频总计58分钟

Module Introduction 4分钟
Understand Splunk Architecture 5分钟
Log Ingestion in Splunk 7分钟
Search Operation in Splunk 6分钟
Writing SPL for Data Prep 6分钟
Jupyter Detection Pipeline 5分钟
Threat Hunt Notebook Example 6分钟
Splunk and Jupyter 7分钟
Elastic and Jupyter 6分钟
Real Hunt Execution 8分钟

1篇阅读材料总计5分钟

Finding a Needle in a Haystack: Machine Learning at the Forefront of Threat Hunting Research 5分钟

1个作业总计20分钟

Operationalizing in Splunk and Jupyter 20分钟

1次同伴评审总计10分钟

Hands-On-Learning: End-to-End Threat Hunt Using Splunk, Elastic, and Jupyter 10分钟

1个讨论话题总计10分钟

Applying Real Hunt Execution Techniques 10分钟

In this wrap-up module, you’ll bring all your threat-hunting skills together by building a complete anomaly-based detection workflow using Splunk and Jupyter. This final project puts your log analysis, SPL queries, and ML techniques into practice, showing your ability to uncover hidden threats, visualize suspicious behavior, and map findings to ATT&CK. It’s your chance to demonstrate real-world readiness and apply everything you’ve learned across the course.