{"id":167553,"date":"2024-02-12T14:11:52","date_gmt":"2024-02-12T14:11:52","guid":{"rendered":"https:\/\/www.techopedia.com\/?p=167553"},"modified":"2024-02-12T14:11:52","modified_gmt":"2024-02-12T14:11:52","slug":"understanding-cyber-threat-hunting-how-it-works-techniques-and-tools","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works","title":{"rendered":"Understanding Cyber Threat Hunting: How it Works, Techniques and Tools"},"content":{"rendered":"<p>The cyber threat landscape is constantly evolving, with new threats and attacks emerging every day. While traditional cybersecurity measures like <a href=\"https:\/\/www.techopedia.com\/definition\/3165\/endpoint-security\">endpoint security<\/a> and <a href=\"https:\/\/www.techopedia.com\/definition\/3988\/intrusion-detection-system-ids\">intrusion detection<\/a> systems are designed to detect and prevent known threats based on predefined rules and signatures, they are all reactionary measures to <a href=\"https:\/\/www.techopedia.com\/definition\/24747\/cybersecurity\">cybersecurity<\/a>.<\/p>\n<p>It is not simply good enough to have the <a href=\"https:\/\/www.techopedia.com\/antivirus\/best-antivirus-software\">best antivirus software<\/a> and the <a href=\"https:\/\/www.techopedia.com\/vpn\/best-vpn\">best VPN software<\/a> &#8211; prevention always has to be better than the cure.<\/p>\n<p>Organizations need to look at cyber threat hunting. This approach ensures that security teams no longer wait for security alerts before swinging into action. Rather, they are continuously on the lookout for signs that could spell doom for the security apparatus of the organizations.<\/p>\n<p>Cyber threat hunting helps cope with the <a href=\"https:\/\/www.techopedia.com\/definition\/28118\/advanced-persistent-threat-apt\">advanced persistent threats<\/a> (APTs) that target organizations today, such as identity attacks, <a href=\"https:\/\/www.techopedia.com\/definition\/29736\/zero-day\">zero-day<\/a> exploits, and credential thefts.<\/p>\n<div class=\"su-note\"  style=\"border-color:#dddddd;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\"><div class=\"su-note-inner su-u-clearfix su-u-trim\" style=\"background-color:#f7f7f7;border-color:#ffffff;color:#333333;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\">\n<h2><span id=\"key_takeaways\">Key Takeaways<\/span><\/h2>\n<ul>\n<li>Cyber threat hunting emphasizes a proactive approach to identifying and mitigating malicious activity within networks.<\/li>\n<li>Traditional cybersecurity measures are deemed insufficient against advanced persistent threats (APTs), and reacting after an attack or extortion attempt is often more costly.<\/li>\n<li>Techniques such as log analysis, network traffic analysis, and endpoint analysis are employed, often following a framework of data collection, hypothesis formation, and data analysis.<\/li>\n<li>Threat hunting also provides valuable insights into the threat landscape and adversary tactics, helping organizations stay ahead of emerging threats.<\/li>\n<li>Striking a balance between traditional monitoring solutions and proactive threat hunting is crucial for effective cybersecurity.<\/li>\n<\/ul>\n<\/div><\/div>\n<div>\n    <section class=\"toc-sticky w-100 bg-white \">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\"\n                 aria-controls=\"multiCollapse1\"\n                 data-bs-target=\"#multiCollapse1\">\n                <button\n                        class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\"\n                >\n                    <i class=\"icon-chevron-up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n                <span class=\"toc-main-title-permanent\">Table of Contents<\/span>\n            <\/div>\n            <div\n                    class=\"collapse my-3\"\n                    id=\"multiCollapse1\"\n            >\n                <ol class=\"StepProgress\">\n                                                                        <li class=\"StepProgress-item current\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"key_takeaways\"\n                               onclick=handleScrollToTitle(\"key_takeaways\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Key Takeaways<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"what_is_cyber_threat_hunting\"\n                               onclick=handleScrollToTitle(\"what_is_cyber_threat_hunting\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">What is Cyber Threat Hunting?<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"how_cyber_threat_hunting_works\"\n                               onclick=handleScrollToTitle(\"how_cyber_threat_hunting_works\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">How Cyber Threat Hunting Works<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"cyber_threat_hunting_techniques\"\n                               onclick=handleScrollToTitle(\"cyber_threat_hunting_techniques\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Cyber Threat Hunting Techniques<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"why_threat_hunting_is_important\"\n                               onclick=handleScrollToTitle(\"why_threat_hunting_is_important\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Why Threat Hunting Is Important<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"the_bottom_line\"\n                               onclick=handleScrollToTitle(\"the_bottom_line\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">The Bottom Line<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"references\"\n                               onclick=handleScrollToTitle(\"references\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">References<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                    <\/ol>\n                <div class=\"toc-sticky__container__disperse\"><\/div>\n                <div class=\"toc-sticky__btn-top justify-content-center\">\n                    <button class=\"btn btn-link d-flex align-items-center\" onclick={btnTop()}><p>Show Full Guide<\/p><img decoding=\"async\"\n                                src=\"\/wp-content\/plugins\/table-of-contents\/assets\/images\/arrow-up-circle.svg\"\n                                alt=\"arrow-up-circle\">\n                    <\/button>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/section>\n    <div class=\"toc-sticky-list\">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\" aria-controls=\"multiCollapse2\" data-bs-target=\"#multiCollapse2\">\n                <button class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\">\n                    <i class=\"icon-chevron-up up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n            <\/div>\n            <div  class=\"collapse my-3\" id=\"multiCollapse2\">\n                <ol class=\"StepProgress\">\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item current \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"key_takeaways\"\n                                   onclick=handleScrollToTitle(\"key_takeaways\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Key Takeaways<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"what_is_cyber_threat_hunting\"\n                                   onclick=handleScrollToTitle(\"what_is_cyber_threat_hunting\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">What is Cyber Threat Hunting?<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"how_cyber_threat_hunting_works\"\n                                   onclick=handleScrollToTitle(\"how_cyber_threat_hunting_works\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">How Cyber Threat Hunting Works<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t\n\t\t\t\t\t\t <span class=\"show_moretoc\">Show Full Guide<\/span>\n\t\t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"cyber_threat_hunting_techniques\"\n                                   onclick=handleScrollToTitle(\"cyber_threat_hunting_techniques\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Cyber Threat Hunting Techniques<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"why_threat_hunting_is_important\"\n                                   onclick=handleScrollToTitle(\"why_threat_hunting_is_important\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Why Threat Hunting Is Important<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"the_bottom_line\"\n                                   onclick=handleScrollToTitle(\"the_bottom_line\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">The Bottom Line<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"references\"\n                                   onclick=handleScrollToTitle(\"references\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">References<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                                    <\/ol>\n            <\/div>\n            <div class=\"toc-sticky__container__disperse\"><\/div>\n        <\/div>\n    <\/div>\n<\/div>\n\n<script id=\"toc-js\">\n    window.addEventListener(\"DOMContentLoaded\", () => {\n        const header = document.querySelector(\".header_wrapper\");\n\n        const pageLegend = document.querySelector('#multiCollapse1');\n        const pageLegendList = document.querySelector('#multiCollapse2');\n        const pageLegendCollapse = new bootstrap.Collapse(pageLegend, {toggle: document.querySelector(\".toc-sticky\").classList.contains('sticky')});\n\n        \/**\n         * Changing current title\n         *\/\n        (function (pageLegend) {\n            const titleNodes = pageLegend.querySelectorAll('.StepProgress-item__link');\n\n            if (!titleNodes.length) return;\n\n            const titles = [...titleNodes].map((itm, i) => ({\n                id: itm.getAttribute('data-id'),\n                text: itm.textContent,\n                level: itm.getAttribute('data-level'),\n                linkNode: itm,\n                titleNode: document.getElementById(itm.getAttribute('data-id')),\n                index: i,\n            }));\n\n            \/**\n             * Source: https:\/\/www.sitepoint.com\/throttle-scroll-events\/\n             * @param {Function} fn\n             * @param {number} wait\n             * @returns {(function(): void)|*}\n             *\/\n            const throttle = (fn, wait) => {\n                let time = Date.now();\n                return function () {\n                    if ((time + wait - Date.now()) < 0) {\n                        fn();\n                        time = Date.now();\n                    }\n                }\n            }\n\n            const changeCurrentTitle = () => {\n                const documentScrollTop = window.pageYOffset || document.documentElement.scrollTop || document.body.scrollTop || 0;\n                let current = 0;\n\n                \/\/ Title\n                titles.forEach((itm, i) => {\n\t\t\t\t\/\/console.log(itm)\n                    const itmOffsetTop = itm.titleNode ? itm.titleNode.offsetTop - 100 : 0;\n\n                    if (documentScrollTop >= itmOffsetTop) {\n                        document.getElementById('toc-current-title').innerHTML = itm.text;\n                        document.getElementById('toc-current-title').setAttribute('data-current-id', itm.id);\n                        document.getElementById('toc-current-title').setAttribute('data-current-level', itm.level);\n                        current = i;\n                    }\n                })\n\n                \/\/ close all list and open sub list if needed\n                if (document.querySelector(\".toc-sticky\").classList.contains('sticky')) {\n                    document.querySelectorAll('.subList-in-progress').forEach((el) => {\n                        el.children[1].classList.remove('show');\n                        el.getElementsByClassName('icon-chevron-down')[0].classList.remove('up');\n                    });\n                    const currentEl = titles[current];\n                    currentEl.linkNode.classList.add('show');\n                }\n\n                titles.forEach((itm, i) => {\n                    itm.linkNode.parentNode.parentNode.classList.remove('current', 'is-done');\n                    if (current > i) {\n                        itm.linkNode.parentNode.parentNode.classList.add('is-done')\n                    };\n                    if (current === i) {\n                      itm.linkNode.parentNode.parentNode.classList.add('current');\n                    };\n                })\n\n            }\n\n            changeCurrentTitle();\n\n            document.addEventListener('scroll', throttle(changeCurrentTitle, 50));\n        })(pageLegend);\n\n\n        \/**\n         *  Collapse\n         *\/\n        (function (pageLegend, header) {\n            const icon = pageLegend.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = (status) => (e) => {\n                if (!e.target.isEqualNode(pageLegend)) return;\n\n                icon.classList.toggle(\"up\");\n\n                const containerHeight = pageLegend.getBoundingClientRect().height;\n\n                const showSubtitleContent = () => {\n                    const currentId = document.getElementById('toc-current-title').getAttribute('data-current-id');\n                    const currentLevel = document.getElementById('toc-current-title').getAttribute('data-current-level');\n                    const currentSubTitle = currentLevel == 3 ? document.querySelector(`a[data-id=\"${currentId}\"]`).parentNode.parentNode.parentNode : false;\n\n                    if (!currentSubTitle) return;\n                    new bootstrap.Collapse(currentSubTitle, {toggle: false}).show();\n                }\n\n                showSubtitleContent();\n                if (status === 'shown' && document.querySelector(\".toc-sticky\").classList.contains('sticky') ) {\n                    document.querySelector('html').classList.remove('overflow-hidden');\n                    pageLegend.classList.add('overflow-auto');\n                    pageLegend.style.height = `calc(100vh - ${header.getBoundingClientRect().height + document.querySelector('.toc-sticky__open').getBoundingClientRect().height + 16}px)`;\n                } else if (status === 'hide') {\n                    document.querySelector('html').classList.remove('overflow-hidden');\n                    pageLegend.classList.remove('overflow-auto');\n                    pageLegend.style.height = 'auto';\n                }\n            }\n\n            pageLegend.addEventListener('shown.bs.collapse', collapseToggle('shown'));\n            pageLegend.addEventListener('hide.bs.collapse', collapseToggle('hide'));\n        })(pageLegend, header);\n\n        \/**\n         * Collapse sub-titles\n         *\/\n        (function (pageLegend) {\n            const collapseEls = pageLegend.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegend);\n\n        \/**\n         *  Collapse main title\n         *\/\n        (function (pageLegendList) {\n            const icon = pageLegendList.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = () => (e) => {\n                if (!e.target.isEqualNode(pageLegendList)) return;\n\n                icon.classList.toggle(\"up\");\n\n            }\n            pageLegendList.addEventListener('shown.bs.collapse', collapseToggle());\n            pageLegendList.addEventListener('hide.bs.collapse', collapseToggle());\n        })(pageLegendList);\n\n        (function (pageLegendList) {\n            const collapseEls = pageLegendList.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.toc-sticky-list .collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegendList);\n\n        \/**\n         * Sticky functionality\n         * Source: https:\/\/stackoverflow.com\/questions\/17893771\/javascript-sticky-div-after-scroll\n         *\/\n        (function (header, pageLegendCollapse) {\n            \/\/ set everything outside the onscroll event (less work per scroll)\n            const target = document.querySelector(\".toc-sticky\");\n            const targetListStatic = document.querySelector(\".toc-sticky-list\");\n\n            if (!target || !header) return;\n\n            const headerHeight = header.getBoundingClientRect().height;\n            const targetHeight = targetListStatic.getBoundingClientRect().height;\n\n            \/\/ -headerHeight so it won't be jumpy\n            const stop = targetListStatic.offsetTop + headerHeight + targetHeight;\n            const docBody =\n                document.documentElement || document.body.parentNode || document.body;\n            const hasOffset = window.pageYOffset !== undefined;\n\n            const applySticky = function () {\n                \/\/ cross-browser compatible scrollTop.\n                const scrollTop = hasOffset ? window.pageYOffset : docBody.scrollTop;\n\n                \/\/ if user scrolls to headerHeight from the top of the target div\n                if (scrollTop >= stop) {\n                    pageLegendCollapse.hide();\n                    \/\/ stick the div\n                    target.classList.add(\"sticky\");\n                    \/\/target.style.marginTop = `${headerHeight}px`;\n                } else {\n                    pageLegendCollapse.show();\n                    \/\/ release the div\n                    target.classList.remove(\"sticky\");\n                    target.style.marginTop = \"\";\n                }\n            }\n\n            applySticky();\n\n            window.addEventListener('scroll', applySticky);\n        })(header, pageLegendCollapse);\n\tjQuery('span.show_moretoc').click(function(){\n\t\tjQuery('span.show_moretoc').hide();\n\t   jQuery('.ms_hidetoc').show();\n\t});\n    });\n\n    \/\/ When the user clicks on the button, scroll to the top of the document\n    function btnTop() {\n        const pageLegend = document.querySelector('#multiCollapse1');\n        document.querySelector('html').classList.remove('overflow-hidden');\n        pageLegend.classList.remove('overflow-auto');\n        pageLegend.style.height = 'auto';\n        window.scrollTo({\n            top: 0,\n            behavior: 'smooth'\n        });\n    }\n\n    const handleScrollToTitle = (id) => {\n        const el = document.getElementById(id);\n        const headerHeightDifference = window.innerWidth < 992 ? -30 : -15;\n        window.scrollTo({\n            top: el.offsetTop - 60 - headerHeightDifference - 10,\n        });\n    }\n<\/script>\n\n<h2><span id=\"what_is_cyber_threat_hunting\">What is Cyber Threat Hunting?<\/span><\/h2>\n<p>Cyber threat hunting is an approach to security that involves searching for and identifying signs of malicious activity within a network before they cause damage or compromise data.<\/p>\n<p>This approach operates under the assumption that despite an organization&#8217;s best efforts, skilled attackers may already be lurking within their network, lying in wait to execute malicious activities. So, rather than relying solely on reactive measures, threat hunting takes a proactive approach to finding these covert threats.<\/p>\n<p>Security teams use a variety of threat-hunting tools like <a href=\"https:\/\/www.techopedia.com\/definition\/25763\/security-event-management\">security information and event management<\/a> (SIEM) for aggregated security data analysis, managed detection and response (MDR) for automated and human <a href=\"https:\/\/www.techopedia.com\/definition\/threat-detection-and-response-tdr\">threat detection<\/a>, <a href=\"https:\/\/www.techopedia.com\/definition\/33746\/security-orchestration-automation-and-response-soar\">security orchestration<\/a>, automation and response (SOAR) to orchestrate monitoring and response workflows, and extended detection and response (XDR) which combines EDR, IAM, analytics, and automated response.<\/p>\n<p>These solutions help threat hunters collect and analyze data across systems and networks, identify vulnerabilities and anomalous activities, and suggest ways these threats can be prevented from causing damage.<\/p>\n<h2><span id=\"how_cyber_threat_hunting_works\">How Cyber Threat Hunting Works<\/span><\/h2>\n<p>Threat hunting requires building a dedicated team of experienced security personnel, often with backgrounds in intelligence analysis or investigative skills. These threat hunters are granted access to <a href=\"https:\/\/www.techopedia.com\/definition\/30323\/data-source\">data sources<\/a> across the organization&#8217;s infrastructure and systems, including network traffic, <a href=\"https:\/\/www.techopedia.com\/definition\/13614\/endpoint-protection\">endpoint data<\/a>, logs, and more.<\/p>\n<p>In many cases, threat-hunting teams follow a framework that consists of five steps:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.techopedia.com\/definition\/30318\/data-collection\">data collection<\/a><\/li>\n<li>hypothesis formation<\/li>\n<li><a href=\"https:\/\/www.techopedia.com\/definition\/26418\/data-analytics\">data analysis<\/a><\/li>\n<li>pattern discovery<\/li>\n<li>automated analytics<\/li>\n<\/ul>\n<p>Leveraging their expertise, threat hunters often develop hypotheses around potential threats or anomalies that may be indicated in the data. They then proactively hunt through the data, using manual techniques and automated tools, looking for evidence. For example, a hypothesis around <a href=\"https:\/\/www.techopedia.com\/definition\/4015\/malicious-software-malware\">malware<\/a> could make the team look for unusual outbound network traffic to a potential command and control server, which could indicate an attack or potential exploit.<\/p>\n<p>To prove or disprove their hypothesis, they hunt through the data using manual techniques and automated tools. If indicators of compromise are found, the team escalates this to the incident response team for containment and remediation, providing key context and a basis for streamlining and enriching automated analytics for future cases.<\/p>\n<h2><span id=\"cyber_threat_hunting_techniques\">Cyber Threat Hunting Techniques<\/span><\/h2>\n<p>Techniques for threat hunting differ from one organization to another and are mostly informed by the security infracture used in the organization. However, below are common threat-hunting techniques.<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/www.techopedia.com\/definition\/31756\/log-analysis\">Log analysis<\/a>:<\/strong> This technique involves analyzing security logs and alerts generated by various systems and applications. The goal is to identify patterns or anomalies that could indicate a security threat.<\/li>\n<li><strong><a href=\"https:\/\/www.techopedia.com\/definition\/29976\/network-traffic-analysis\">Network traffic analysis<\/a>:<\/strong> Analyzing patterns and connections in network traffic can reveal unusual communications associated with malware, data exfiltration, or command and control.<\/li>\n<li>Endpoint analysis: This involves checking endpoints for unusual processes, registry keys, file changes, etc., that could signal the presence of malware, backdoors, or persistent threats.<\/li>\n<li><strong><a href=\"https:\/\/www.techopedia.com\/definition\/30308\/behavioral-analytics\">Behavioral analysis<\/a>:<\/strong> Threat-hunting teams could look at patterns of user or system behaviors that deviate from norms, like unusual account activity, access requests, or large data transfers at odd hours.<\/li>\n<li><strong>Data analytics:<\/strong> This technique includes applying statistical models, <a href=\"https:\/\/www.techopedia.com\/definition\/8181\/machine-learning-ml\">machine learning<\/a> techniques, <a href=\"https:\/\/www.techopedia.com\/definition\/30181\/data-visualization-software\">visualization tools<\/a>, and other analytics to surface subtle anomalies and threat indicators in large, complex data sets.<\/li>\n<li><a href=\"https:\/\/www.techopedia.com\/definition\/20663\/memory-dump\"><strong>Memory dump analysis<\/strong><\/a><strong>:<\/strong> This technique involves analyzing memory dumps, which are snapshots of a device\u2019s<a href=\"https:\/\/www.techopedia.com\/definition\/24491\/random-access-memory-ram\"> random access memory<\/a> (RAM) at a specific point in time. Some malware operates in memory to avoid detection, so this technique can be used to identify threats that traditional antivirus solutions might not catch.<\/li>\n<li><a href=\"https:\/\/www.techopedia.com\/definition\/25323\/packet-analyzer\"><strong>Analyzing server and endpoint data<\/strong><\/a><strong>:<\/strong> This involves checking endpoint protection data for signs of suspicious activity and analyzing server images for threat activity. For example, if a workstation is communicating with a known malicious IP address, it could indicate a compromised system.<\/li>\n<\/ul>\n<h2><span id=\"why_threat_hunting_is_important\">Why Threat Hunting Is Important<\/span><\/h2>\n<p>One of the benefits of threat hunting is that it can help organizations detect and eliminate advanced threats before they cause significant damage or data loss by reducing the time they remain undetected and active in the network.<\/p>\n<p>Considering that the <a href=\"https:\/\/www.ibm.com\/reports\/data-breach\" target=\"_blank\">global average cost of a data breach is around $4.4 million<\/a>, the financial implications are significant. This cost escalates the longer the gap between system compromise and response. Threat hunting can help reduce this number and save the organization from financial and reputational losses.<\/p>\n<p>Threat hunting can also help organizations gain valuable insights and intelligence about the threat landscape, the attack vectors, the adversary <a href=\"https:\/\/www.techopedia.com\/definition\/tactics-techniques-and-procedures-ttps\">tactics, techniques, and procedures<\/a> (TTPs), and the indicators of compromise (IOCs), by collecting and analyzing data from various sources, both internal and external. These insights and intelligence can help improve the threat detection and prevention capabilities, as well as the threat response and mitigation strategies of the organization.<\/p>\n<p>Applying threat hunting approach makes it possible for organizations to stay ahead of the curve as security teams do not wait for the organization to be attacked or for threat detection tools to raise an alarm before taking action. They operate by anticipating and preparing for future threats and attacks rather than reacting to them after they happen.<\/p>\n<p>As such, threat hunting can help teams identify and exploit the weaknesses and vulnerabilities of the adversaries, thereby gaining a competitive edge and a strategic advantage over malicious actors.<\/p>\n<h2><span id=\"the_bottom_line\">The Bottom Line<\/span><\/h2>\n<p>Given the benefits of threat hunting in modern-day cybersecurity efforts, it is on organizations to find a way to incorporate threat-hunting strategies in their cybersecurity stack. This does not call for the abandonment of traditional threat-monitoring solutions. However, it requires creating a balance between both measures.<\/p>\n<p>Regardless of the nature of the balance created, effective threat hunting will require not just a skilled security team but also comprehensive visibility into an organization\u2019s environment as well as significant investments in threat hunting tools.<\/p>\n<div class=\"reference-content\">\n<div class=\"reference-heading reference-content-collapsible-heading\">\n<h2><span id=\"references\">References<\/span><\/h2>\n<\/div>\n<div class=\"reference-content-body\">\n<ul>\n<li><a href=\"https:\/\/www.ibm.com\/reports\/data-breach\" target=\"_blank\" rel=\"noopener\">Cost of a Data Breach Report 2023<\/a> (IBM)<\/li>\n<\/ul>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The cyber threat landscape is constantly evolving, with new threats and attacks emerging every day. While traditional cybersecurity measures like endpoint security and intrusion detection systems are designed to detect and prevent known threats based on predefined rules and signatures, they are all reactionary measures to cybersecurity. It is not simply good enough to have [&hellip;]<\/p>\n","protected":false},"author":286696,"featured_media":167565,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[585,548],"tags":[],"category_partsoff":[],"class_list":["post-167553","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-threats","category-cybersecurity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.2 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Understanding Cyber Threat Hunting: How it Works - Techopedia<\/title>\n<meta name=\"description\" content=\"Organizations that wish to stop cyber attacks in their tracks need in the direction of cyber threat hunting, and no longer wait around for security alerts.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understanding Cyber Threat Hunting: How it Works, Techniques and Tools\" \/>\n<meta property=\"og:description\" content=\"Organizations that wish to stop cyber attacks in their tracks need in the direction of cyber threat hunting, and no longer wait around for security alerts.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-12T14:11:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Franklin Okeke\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techopedia\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Franklin Okeke\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works\"},\"author\":{\"name\":\"Franklin Okeke\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/cf68e5a8f9bbfc9595ced844b44cd463\"},\"headline\":\"Understanding Cyber Threat Hunting: How it Works, Techniques and Tools\",\"datePublished\":\"2024-02-12T14:11:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works\"},\"wordCount\":1226,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg\",\"articleSection\":\"\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#respond\"]}],\"copyrightYear\":\"2024\",\"copyrightHolder\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works\",\"url\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works\",\"name\":\"Understanding Cyber Threat Hunting: How it Works - Techopedia\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg\",\"datePublished\":\"2024-02-12T14:11:52+00:00\",\"description\":\"Organizations that wish to stop cyber attacks in their tracks need in the direction of cyber threat hunting, and no longer wait around for security alerts.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#primaryimage\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg\",\"width\":1200,\"height\":600,\"caption\":\"An image of a hacker using a laptop\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Threats\",\"item\":\"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Understanding Cyber Threat Hunting: How it Works, Techniques and Tools\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/cf68e5a8f9bbfc9595ced844b44cd463\",\"name\":\"Franklin Okeke\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/04\/avatar_user_286696_1713534218-300x300.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/04\/avatar_user_286696_1713534218-300x300.jpg\",\"caption\":\"Franklin Okeke\"},\"description\":\"Franklin Okeke is an author and tech journalist with over seven years of IT experience. Coming from a software development background, his writing spans cybersecurity, AI, cloud computing, IoT, and software development. In addition to pursuing a Master's degree in Cybersecurity &amp; Human Factors from Bournemouth University, Franklin has two published books and four academic papers to his name. Apart from Techopedia, his writing has been featured in tech publications such as TechRepublic, The Register, Computing, TechInformed, Moonlock, and other top technology publications. When he is not reading or writing, Franklin trains at a boxing gym and plays the piano.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/franklin-okeke-8898a3a5\/\"],\"knowsAbout\":[\"Technology Journalist\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/franklinokeke\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Understanding Cyber Threat Hunting: How it Works - Techopedia","description":"Organizations that wish to stop cyber attacks in their tracks need in the direction of cyber threat hunting, and no longer wait around for security alerts.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Understanding Cyber Threat Hunting: How it Works, Techniques and Tools","og_description":"Organizations that wish to stop cyber attacks in their tracks need in the direction of cyber threat hunting, and no longer wait around for security alerts.","og_url":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_published_time":"2024-02-12T14:11:52+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg","type":"image\/jpeg"}],"author":"Franklin Okeke","twitter_card":"summary_large_image","twitter_creator":"@techopedia","twitter_site":"@techopedia","twitter_misc":{"Written by":"Franklin Okeke","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works"},"author":{"name":"Franklin Okeke","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/cf68e5a8f9bbfc9595ced844b44cd463"},"headline":"Understanding Cyber Threat Hunting: How it Works, Techniques and Tools","datePublished":"2024-02-12T14:11:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works"},"wordCount":1226,"commentCount":0,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"image":{"@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg","articleSection":"","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#respond"]}],"copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/www.techopedia.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works","url":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works","name":"Understanding Cyber Threat Hunting: How it Works - Techopedia","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#primaryimage"},"image":{"@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg","datePublished":"2024-02-12T14:11:52+00:00","description":"Organizations that wish to stop cyber attacks in their tracks need in the direction of cyber threat hunting, and no longer wait around for security alerts.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#primaryimage","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/02\/Cyber-Threat-Hunting.jpg","width":1200,"height":600,"caption":"An image of a hacker using a laptop"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/understanding-cyber-threat-hunting-how-it-works#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity"},{"@type":"ListItem","position":3,"name":"Cyber Threats","item":"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats"},{"@type":"ListItem","position":4,"name":"Understanding Cyber Threat Hunting: How it Works, Techniques and Tools"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/cf68e5a8f9bbfc9595ced844b44cd463","name":"Franklin Okeke","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/04\/avatar_user_286696_1713534218-300x300.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/04\/avatar_user_286696_1713534218-300x300.jpg","caption":"Franklin Okeke"},"description":"Franklin Okeke is an author and tech journalist with over seven years of IT experience. Coming from a software development background, his writing spans cybersecurity, AI, cloud computing, IoT, and software development. In addition to pursuing a Master's degree in Cybersecurity &amp; Human Factors from Bournemouth University, Franklin has two published books and four academic papers to his name. Apart from Techopedia, his writing has been featured in tech publications such as TechRepublic, The Register, Computing, TechInformed, Moonlock, and other top technology publications. When he is not reading or writing, Franklin trains at a boxing gym and plays the piano.","sameAs":["https:\/\/www.linkedin.com\/in\/franklin-okeke-8898a3a5\/"],"knowsAbout":["Technology Journalist"],"url":"https:\/\/www.techopedia.com\/contributors\/franklinokeke"}]}},"modified_by":"Michael Simon","_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/167553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/286696"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=167553"}],"version-history":[{"count":0,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/167553\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media\/167565"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=167553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/categories?post=167553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/tags?post=167553"},{"taxonomy":"category_partsoff","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/category_partsoff?post=167553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}