Threat Hunting Process Modeling for C2 Detection Events
Published:
Highlights
- Objective: Transform the manual investigation experience of security operators into an executable, auditable, and agent-callable post-investigation knowledge system.
- Scope: Covers compromised host analysis, C2 destination IP/domain investigation, historical alerts, asset profiling, DNS/HTTP/SSL/traffic logs, threat intelligence, whitelisting, and lateral movement behavior.
- Impact: Standardizes threat hunting workflows to reduce reliance on manual expertise and improve investigation consistency.
