A threat hunter is analyzing incoming emails during the past 30 days, looking for spam or phishing campaigns targeting many users. This involves finding large numbers of similar, but not necessarily identical, emails. The hunter extracts key datapoints from each email record, including the sender's address, recipient's address, subject, embedded URLs, and names of any attachments. Using the Splunk App for Data Science and Deep Learning, they then visualize each of these messages as points on a graph, looking for large numbers of points that occur close together. This is an example of what type of threat-hunting technique?
Submit