/en/categories/threat-hunting/Recent content in Threat Hunting on Suspicious BytesHugoen-USSat, 27 Sep 2025 00:00:00 +0000/en/posts/starting-with-threathunting/Sat, 27 Sep 2025 00:00:00 +0000/en/posts/starting-with-threathunting/<h2 id="start-hunting-today">Start Hunting Today!</h2> <p>Threat hunting doesn&rsquo;t require enterprise tools. You can simply start with what you already have.</p> <h3 id="minimum-requirements">Minimum Requirements</h3> <p>Start with things you probably already have. Work from there, and then think about improving and growing.</p> <ul> <li><strong>Centralized logging</strong> (Sysmon, firewall, proxy logs)</li> <li><strong>Query capability</strong> (ELK, Splunk, or even grep)</li> <li><strong>Baseline knowledge</strong> of your network</li> <li><strong>2-4 hours per week</strong> of dedicated hunting time</li> </ul> <p>Baselining is the hardest part for beginners, so start small. Pick one thing you can describe as &ldquo;normal&rdquo; (which hosts talk to the internet, which accounts run as admin, what runs at startup) and write it down. That single baseline becomes the yardstick for your first hunts.</p>