Talk:Cyber threat hunting

The footnote [1] refers to a magazine article that refers to a primary vendor document at https://sqrrl.com/solutions/cyber-threat-hunting/. I think it would be more honest to use the SQRL paper as reference.

The Wikipedia entry seems to focus very heavily on "network-based" hunting, but the reality is that threat hunting can be conducted on the network level, but is more often (these days) conducted at the endpoint level. Additionally, there are mention of indicators, but most threat hunting is going to be conducted using behavioral detections vs pure indicators. — Preceding unsigned comment added by S0upy (talk • contribs) 14:21, 15 January 2021 (UTC)