© Starweaver Group, Inc. All Rights Reserved.
Threat Hunting Techniques

Learn to hunt cyber threats using machine learning and real-world tools like Splunk and Jupyter Notebooks. This course covers log analysis, anomaly detection, and behavior-based threat hunting for proactive cybersecurity defense.

Archan Choudhury

Cybersecurity | Intermediate | 9 hours | Published: Oct 2025

Overview


This course includes:

  • On-demand videos
  • Practice assessments
  • Multiple hands-on learning activities
  • Exposure to a real-world project
  • 100% self-paced learning opportunities
  • Certification of completion

In today’s rapidly evolving digital landscape, cyber threats are becoming increasingly sophisticated and elusive. Attackers employ advanced techniques to infiltrate systems, often bypassing traditional security measures. For security professionals, this presents a significant challenge: how can we defend against threats that are designed to evade detection? The answer lies in integrating data science with modern security practices. 

This course is specifically designed for defenders who want to stay ahead of emerging threats by blending human intuition with machine-driven analytics. In the age of data overload, it’s not enough to simply rely on outdated detection approaches. Defenders need to harness the power of modern data science tools and techniques to uncover hidden anomalies, detect behavioral patterns, and identify subtle signals of compromise that may otherwise go unnoticed. 

This course equips you with the skills needed to navigate and combat the evolving cybersecurity landscape by utilizing cutting-edge techniques in data science. Throughout the course, you will dive deep into log analysis, threat detection hypotheses, and machine learning models applied to real-world cybersecurity scenarios. You will gain hands-on experience using industry-standard tools like Splunk and Jupyter Notebooks, allowing you to apply what you’ve learned to live data and active threats in your organization or in a training environment. 

  • Log Analysis: Learn to analyze complex datasets, including logs from firewalls, IDS/IPS systems, endpoint data, and more. Gain the skills to filter, process, and identify critical information that can reveal potential security incidents. 

  • Threat Detection Hypotheses: Understand how to develop hypotheses that guide threat detection efforts. Learn how to hypothesize potential threats based on data, threat intelligence, and attack patterns, and then use these hypotheses to shape your investigative approach. 

  • Machine Learning Techniques: Apply machine learning algorithms to identify anomalous behaviors and patterns that suggest a compromise. Techniques like clustering, classification, and anomaly detection will be taught in depth to detect threats such as malware, insider attacks, and data exfiltration. 

  • Behavioral Analytics: Learn how to visualize and interpret behavior in datasets. Using statistical and machine learning models, you will understand how attackers behave in systems and how those behaviors can be detected early through anomaly detection. 

  • Operationalizing Threat Hunts: The course focuses not just on theoretical knowledge, but also on how to put these techniques into practice. You will learn how to scale threat-hunting efforts using machine learning, allowing your detection processes to grow alongside your organization’s needs. 

This course stands apart because it integrates human expertise with automated machine learning to create a powerful, adaptive defense system. Rather than focusing on static, traditional rule-based detection, you’ll learn to approach threat hunting from a dynamic, data-driven perspective. We blend traditional knowledge with cutting-edge analytics to enable students to respond to evolving, adaptive threats. 

Unlike other courses that focus solely on theory or tools, our course ensures you get a holistic understanding of threat detection using modern data science techniques. You’ll be able to move from raw data analysis to actionable intelligence, learning both the how and the why behind every technique. 

Skills You Will Gain

  • AI-Powered Threat Hunting
  • Cyber Threats
  • Cybersecurity Threat Intelligence
  • Hunting Techniques
  • AI Techniques

Learning Outcomes (At The End Of This Program, You Will Be Able To...)

  • Explore the threat hunting lifecycle and how ML augments hypothesis-driven investigation.

  • Analyze raw log data by cleaning, enriching, and visualizing it using Pandas, Seaborn, and Matplotlib in Jupyter.

  • Apply anomaly detection techniques such as Isolation Forest and DBSCAN on telemetry data.

  • Design and execute a complete ML-based hunt in Splunk and Jupyter to detect suspicious behavior.

Prerequisites

Participants should have basic Python programming skills, be familiar with common log formats, and possess a foundational understanding of cybersecurity concepts. This ensures they can effectively engage with the course content and apply learned techniques.


Who Should Attend

This course is ideal for SOC analysts transitioning from reactive alert triage to proactive hunting, threat hunters using data science for pattern discovery, blue team engineers seeking repeatable detection workflows, and cybersecurity students aiming to gain hands-on experience with tools like Splunk and Jupyter.

Curriculum

  1. Chapter 1 - What is Threat Hunting?
  2. Chapter 2 - Hunting Methodologies
  3. Chapter 3 - ATT&CK and Hunt Matrix
  4. Chapter 4 - Introduction to Data Science
  5. Chapter 5 - What is Feature Engineering in Threat Hunting
  6. Chapter 6 - Security-focused Visualization Examples
  7. Chapter 7 - Unsupervised ML Basics
  8. Chapter 8 - Case Study: Suspicious Logins
  9. Chapter 9 - Different Use Cases for ML-based Hunting
  10. Chapter 10 - Log Ingestion in Splunk
  11. Chapter 11 - Writing SPL for Data Preparation
  12. Chapter 12 - Splunk and Jupyter Integration

Segments:

  • Segment 00: Course Intro
  • Segment 01: Overview of Threat Hunting Concepts and Importance
  • Segment 02: How to Plan a Threat Hunt
  • Segment 03: How to Document a Threat Hunt
  • Segment 04: Hunting Methodologies
  • Segment 05: Telemetry and Data Sources
  • Segment 06: Essential Tools for Threat Hunting
  • Segment 07: Explore MITRE ATT&CK
  • Segment 08: How to Use MITRE Navigator
  • Segment 09: From ATT&CK to Action: Building a Hunt Matrix for Real Threats
  • Segment 10: Reading: MITRE Framework
  • Segment 13: Parsing and Cleaning Logs
  • Segment 14: Techniques for Log Parsing and Cleaning, Part 1
  • Segment 15: Techniques for Log Parsing and Cleaning, Part 2
  • Segment 16: Introduction to Feature Engineering
  • Segment 17: Visualizing Behaviors
  • Segment 18: Threat Hunting Visualization
  • Segment 19: What is Security-Focused Visualization
  • Segment 20: Create Your Own Visualization
  • Segment 21: Top Security Visualizations Every Threat Hunter Should Use
  • Segment 22: Reading: Effective Data Visualization
  • Segment 25: Introduction to Unsupervised ML
  • Segment 26: Understand Different Processes of Unsupervised Learning Models
  • Segment 27: Evaluating and Tuning ML Models
  • Segment 28: Suspicious Login Hunting
  • Segment 29: Graphical Representation of Anomaly
  • Segment 30: Event Correlation
  • Segment 31: General Pitfalls in Threat Detection
  • Segment 32: Different ML Techniques
  • Segment 33: How to Choose the Best ML Model
  • Segment 34: Reading: Splunk Machine Learning Toolkit Guide
  • Segment 37: Understand Splunk Architecture
  • Segment 38: Log Ingestion in Splunk
  • Segment 39: Search Operation in Splunk
  • Segment 40: Writing SPL for Data Prep
  • Segment 41: Jupyter Detection Pipeline
  • Segment 42: Threat Hunt Notebook Example
  • Segment 43: Splunk and Jupyter Integration, Part 1
  • Segment 44: Elastic and Jupyter Integration, Part 2
  • Segment 45: Real Hunt Execution
  • Segment 46: Outro: Course Wrap-up Video
  • Segment 47: Reading: Finding a Needle in a Haystack: Machine Learning at the Forefront of Threat Hunting Research

Instructors

Archan Choudhury

I love to play it hard on technical ground. So, innovation through Blue Teaming keeps my light on, while my “Day At Work” flows like this 👉 Detect Attacks ♟ Remediate ♟ Keep the Pipeline Running ♟ Keep the Environment Safe ♟ Hunt for the Unknown ♟ Innovate ♟ Inspire Teams ♟ Repeat.

♟ I bring decade-old expertise and experience in the field of information and cyber security (Consumer Goods, FMCG, Media Industries). I intend to be part of an enthusiastic information security team where I can utilize my knowledge and teamwork capabilities in favor of the organization and of continuous improvement through a mutual learning process.

♟ I work mainly on defensive security. Incident response, threat hunting, forensic investigation of security incidents, analysis of compromised hosts at the forensic level, analysis of behavior and hunting for the IOCs of security threats, remediation of security incidents, and analysis of the binary-level composition of suspicious files/payloads; these are parts of my daily job.

♟ I have a deep understanding of the triage process for security incidents, of threat event analysis on Azure IDP/Azure ATP/TrapX/Dark-Trace, Cloud Proxy (Zscaler) and McAfee ePO in terms of log analysis and managing admin activities, and of the AI-driven antimalware tool Cylance (EPP & EDR). I have been working on Resilient for automation of the IR process. Also, I have a good understanding of the SIEM QRadar in terms of analysis, creating and fine-tuning use cases, and creating custom parsers using RegEx.

♟ I have developed my capabilities for DFIR in the cloud area (AWS, GCP, K8s, WAF), plus automation of IR, and have taken on the role of creating a full-scale incident management framework in the cloud. I am also exploring features to build a Security Operations strategy for the cloud on Elastic SIEM.

♟ Worked in a Global SOC providing cyber security services for 12+ different clients in a shared model in a 24*7 environment: remotely monitoring and managing client network security devices, detecting anomalies in client networks with respect to log source health checks, and writing scripts for automation and for creating custom add-ins in the SIEM tool. I also worked on creating front-end designs for websites and have an understanding of PHP, JavaScript, CSS/HTML5, VBScript, etc.

Service Operation Portfolio:

  • Leading multi-stakeholder projects to deploy cybersecurity solutions for global clients, coordinating between different teams and ensuring high-quality delivery.
  • Providing services for Managed Detection and Response, Security Engineering, Cloud Security, Offensive and Defensive Security, AI-Safe LLM Security, OT Security, and more.
  • Spearheading partnerships with global organizations like TerraEagle to enhance cybersecurity education worldwide.

Cyber Education:

  • Leading a cybersecurity firm that provides advanced, affordable, and hands-on cybersecurity training to professionals and students globally.
  • Planning and organizing industry-level cybersecurity events featuring CTF competitions, product launches, and strategic collaborations.
  • Managing and executing strategic partnerships with TerraEagle and other global firms to embed cybersecurity programs in universities across the U.S. and India.
  • Collaborating with institutions like the University at Buffalo and colleges in Tamil Nadu and Pune to strengthen cybersecurity education.
  • Developing cutting-edge courses in areas like Cloud Security, Microsoft Sentinel, Threat Detection, Sigma rules, and Incident Response.
  • Instructing courses aimed at equipping professionals with advanced security skills, including AI Security, OT Security, and more.
  • Providing expertise in SIEM tools such as Elastic SIEM, Splunk, and Microsoft Sentinel for advanced threat detection and incident response at the education level.
  • Mentoring cybersecurity professionals and students, empowering over 16,000 individuals globally with real-world cybersecurity skills.
  • Actively contributing to the advancement of the cybersecurity industry through knowledge sharing and advocacy.