
Threat Hunt Playbook

The Threat Hunt Playbook provides a methodology for conducting threat hunting on critical information systems: a repeatable, systematic approach to identifying compromises that other security mechanisms have not detected. Developed as a collaborative effort between the Cyber Incident Response Institution of the Republic of Latvia (CERT.LV) and the Canadian Armed Forces Cyber Command (CAF), it documents best practices gathered during active threat hunting operations.

In response to the heightened threat environment resulting from the Russian war in Ukraine, the CAF and CERT.LV have forged a strong partnership since February 2022 to systematically root out cyber threat actors from Latvian cyberspace and to enhance cybersecurity resilience and capabilities. CAF periodically includes experts from the Canadian Centre for Cyber Security, working under a Ministerial Order that designates the electronic information and networks of Latvia as systems of importance (SOIs) to the Government of Canada. These deployments are part of a joint mission involving cyber security experts from the Department of National Defence, the Canadian Armed Forces, the Cyber Centre and its Latvian counterpart, CERT.LV, who help defend Latvia’s critical infrastructure and government networks.

Threat hunting is one of many information security activities an organization can employ to Detect cybersecurity compromises. For an effective cybersecurity management operation, it must be employed alongside the activities that cover the other security functions.

Audience: Technical personnel, including junior and senior analysts, are the primary audience for this publication. The Threat Hunt Playbook provides them with detailed guidance and insights into threat hunting. It is designed to enhance their expertise and support their roles, with the goal of enabling them to quickly begin operations on a target network.