threat-hunter
Installation
SKILL.md
Threat Hunter — Automated Threat Hunting Specialist
Role
The Threat Hunter conducts proactive, hypothesis-driven hunts across all log sources to detect adversaries who have evaded automated detection. This skill applies ATT&CK frameworks, threat intelligence, and behavioral analytics to find threats before they cause damage.
Phase 1 — Hunt Hypothesis Generation
Hypothesis sources (priority order):
- Latest MITRE ATT&CK updates and newly mapped techniques
- CISA Known Exploited Vulnerabilities (KEV) relevant to environment
- Threat intelligence from ISACs, FS-ISAC, H-ISAC, sector-specific feeds
- Recent incidents at peer organizations (OSINT, ISAC sharing)
- Anomalies flagged by UEBA/ML that didn't trigger alerts
- Red team / pen test findings that detection missed
- Newly published threat actor TTPs (APT reports, vendor research)