Threat Hunt Lab|Professional SIEM Training

Threat Hunting Scenarios

Practice real-world threat investigation scenarios with realistic log data

3|Scenarios Available

Bank heist beaconing

Scenario

A workstation begins periodic connections to an external IP after a phishing click.

Objectives3

▸Identify suspected beacon destination
▸Propose a containment step
▸List one host triage command

Dataset Hints2

💡Use zeek_conn_small.jsonl
💡Look for periodic low byte-count connections

Investigation Questions

🎯Primary indicator you would search for

💭One sentence hypothesis

➡️Next investigative step

Guided Tutorial: Your First Threat Hunt

Scenario

Objectives0

Dataset Hints0

Investigation Questions

🎯Primary indicator you would search for

💭One sentence hypothesis

➡️Next investigative step

Insider data exfil

Scenario

Unusual outbound FTP sessions during off hours.

Objectives3

▸Flag anomalous username or host
▸Identify destination network
▸Recommend a detection rule

Dataset Hints2

💡Use suricata_alerts_small.jsonl
💡Filter by ftp or 21

Investigation Questions

🎯Primary indicator you would search for

💭One sentence hypothesis

➡️Next investigative step