Foreword
This threat hunting methodology was created as a joint effort between several Dutch financial institutions. The focus group operated as part of the Dutch financial institutes information sharing community (FI-ISAC). The goal of this cooperation was to create a joint understanding of threat hunting and a common approach to conducting threat hunting activity. This effort has resulted in the methodology described in this document: the Targeted Hunting integrating Threat Intelligence (TaHiTI) methodology.
This methodology has been created with a broad usage in mind: not only should it be valuable to the Dutch financial sector, but to any
organization in any sector. Releasing this methodology and the accompanying practical resources to the public domain was part of the initial intent of the focus group and the setup of the methodology.
The methodology itself seeks to combine threat hunting and threat intelligence to provide a focused and risk-driven approach to threat hunting. Threat intelligence is used as a source for hunting investigations and is used throughout the investigation to further contextualize and enrich the hunt.
