Fastest Two Minutes in SecOps: Threat Hunting [Part 2] [Video]

ahnna
Staff

The “Google on SecOps” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on October 26th, 2022 by Dan Kaplan. Going forward, all Google Security Operations (formerly known as Chronicle Security Operations) blogs will be published here. 

So, you want to threat hunt? Proactive missions to identify malicious activity that is hidden from plain sight, and from traditional detection tools and methods, are an obvious practice to undertake, if not a mandatory one.

While the threats that may be lurking in your environment undetected likely comprise only a small proportion of your overall attack landmass, they are potentially the most damaging because they are unknown, ongoing and unremediated—and likely being waged by skilled adversaries.

In Part 1 of our “Fastest Two Minutes in SecOps” on threat hunting, Google Cloud Principal Strategist John Stoner laid the groundwork for why threat hunting has become such a sought-after discipline for organizations wanting to be more proactive in their self-defense.

In this next round, he gets down to brass tacks with a quick-hit rundown of how you should approach a hunt (there are three common methods), how to be focused with your hunt strategy, why you should follow the scientific method for every hunt, and the one day of the week on which you may want to avoid starting a hunt.
