├── LICENSE
├── README.md
├── Recommendations_Tab.png
├── TH_Q_Graphs.png
├── Threat Hunting Metrics Template Sample Data.xlsx
├── Threat Hunting Metrics Template.xlsx
├── Threat Hunting Metris Template v2.xlsx
├── Threat_Hunts_Tab.png
└── strat_overview.png

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2022 Jeremy Wiedner

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Threat-Hunting-Metrics

![Maintenance](https://img.shields.io/maintenance/yes/2022.svg?style=flat-square)
[![GitHub last commit](https://img.shields.io/github/last-commit/cybersheepdog/Threat-Hunting-Metrics.svg?style=flat-square)](https://github.com/cybersheepdog/Threat-Hunting-Metrics/commit/master)
![GitHub](https://img.shields.io/github/license/cybersheepdog/Threat-Hunting-Metrics)


Threat Hunting is time-consuming enough as it is. Coming up with and tracking metrics to justify your hunt team to the Execs often takes time away from your Threat Hunting. I have created this Excel document to help automate as much of that as possible. The **Strategic Overview** tab is auto-updated based upon what you enter in the **Threat Hunts** tab. The **Threat Hunts** tab is where you enter things such as:
- Name of hunt
- Hypothesis
- Misconfigurations found
- Security Recommendations based on findings
- Vulnerabilities found
- Recommendations implemented
- Incidents Found
- Total dwell time

I have also added another tab named **Recommendations** in order to track the recommendations and their completion, to help show improvement of security posture over time.

This is currently based on MITRE ATT&CK Tactics, as it provides a high-level overview appropriate for executives.


The following is from the original version, which has time spent hunting as a metric. I try to stay away from this, as some will start equating time to $$ and that shifts the focus away from the true value of Threat Hunting. Version 2 of the document replaces this with the number of hunts.
![Strategic Overview](strat_overview.png)



![Quarterly Graphs](TH_Q_Graphs.png)


Here is the Threat Hunt Tracking Tab.

![Threat Hunts Tracking](Threat_Hunts_Tab.png)

Here is the Recommendations tab to track your recommendations to improve security posture.

![Recommendations Tracking](Recommendations_Tab.png)

--------------------------------------------------------------------------------
/Recommendations_Tab.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybersheepdog/Threat-Hunting-Metrics/ebaa59e78501ce64369d7aabe22a17d8086bf8f7/Recommendations_Tab.png

--------------------------------------------------------------------------------
/TH_Q_Graphs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybersheepdog/Threat-Hunting-Metrics/ebaa59e78501ce64369d7aabe22a17d8086bf8f7/TH_Q_Graphs.png

--------------------------------------------------------------------------------
/Threat Hunting Metrics Template Sample Data.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybersheepdog/Threat-Hunting-Metrics/ebaa59e78501ce64369d7aabe22a17d8086bf8f7/Threat Hunting Metrics Template Sample Data.xlsx

--------------------------------------------------------------------------------
/Threat Hunting Metrics Template.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybersheepdog/Threat-Hunting-Metrics/ebaa59e78501ce64369d7aabe22a17d8086bf8f7/Threat Hunting Metrics Template.xlsx

--------------------------------------------------------------------------------
/Threat Hunting Metris Template v2.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybersheepdog/Threat-Hunting-Metrics/ebaa59e78501ce64369d7aabe22a17d8086bf8f7/Threat Hunting Metris Template v2.xlsx

--------------------------------------------------------------------------------
/Threat_Hunts_Tab.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybersheepdog/Threat-Hunting-Metrics/ebaa59e78501ce64369d7aabe22a17d8086bf8f7/Threat_Hunts_Tab.png

--------------------------------------------------------------------------------
/strat_overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybersheepdog/Threat-Hunting-Metrics/ebaa59e78501ce64369d7aabe22a17d8086bf8f7/strat_overview.png

--------------------------------------------------------------------------------