Starweaver
Threat Hunting Techniques


Instructor: Archan Choudhury (Starweaver)


Gain insight into a topic and learn the fundamentals.
Intermediate level

Recommended experience

8 hours to complete
Flexible schedule
Learn at your own pace

What you'll learn

  • Explore the threat hunting lifecycle and how ML augments hypothesis-driven investigation.

  • Analyze raw log data by cleaning, enriching, and visualizing it using Pandas, Seaborn, and Matplotlib in Jupyter.

  • Apply anomaly detection techniques such as Isolation Forest and DBSCAN on telemetry data.

  • Design and execute a complete ML-based hunt in Splunk and Jupyter to detect suspicious behavior.

Details to know

Shareable certificate

Add to your LinkedIn profile

Recently updated!

December 2025

Assignments

4 assignments

Taught in English


There are 6 modules in this course

In this course, you’ll learn how to combine threat hunting fundamentals with data science techniques to uncover hidden threats that traditional security tools often miss. You’ll work with real log data, build hunting hypotheses, and apply machine learning models to detect anomalies, behavioral patterns, and subtle signs of compromise across enterprise environments. Through guided instruction, hands-on labs, and practical examples using Splunk and Jupyter Notebooks, you’ll develop the skills to operationalize ML-powered threat hunts, strengthen detection workflows, and respond more effectively to advanced, evasive attackers.

What's included

1 video, 1 reading

In this module, you’ll explore what threat hunting really means and why it has become essential for modern security teams. We’ll break down how hunters move beyond automated tools to search for hidden or unusual activity that may signal an active compromise. You’ll learn the core concepts, terminology, and frameworks that shape effective hunting, along with the mindset of assuming adversaries may already be inside your environment. By the end, you’ll understand why proactive hunting is critical for stopping attacks early, reducing impact, and strengthening your overall detection strategy.

What's included

10 videos, 1 reading, 1 assignment, 1 peer review, 1 discussion prompt

In this module, you’ll learn how data science strengthens modern threat hunting by helping you make sense of large, noisy security datasets. We’ll walk through the essentials of cleaning and shaping log data, visualizing behaviors, and building simple machine learning models to spot anomalies. You’ll get hands-on practice with Python tools like pandas, scikit-learn, and Jupyter Notebooks, and see how these techniques feed into SIEM platforms such as Splunk and Elastic. By the end, you’ll understand how data science supports faster detection, smarter investigations, and repeatable, automated hunting workflows.

What's included

10 videos, 1 reading, 1 assignment, 1 peer review, 1 discussion prompt

In this module, you’ll explore the unsupervised machine learning techniques that power modern anomaly detection in security environments. We’ll break down how models like Isolation Forest, DBSCAN, Z-Score Analysis, and One-Class SVM uncover unusual patterns without relying on labeled data. You’ll practice applying these algorithms to real-world scenarios such as suspicious logins, odd network traffic, and unusual system behavior. By the end, you’ll understand how these ML methods help you surface hidden threats that traditional rules often overlook.

What's included

10 videos, 1 reading, 1 assignment, 1 peer review, 1 discussion prompt

In this module, you’ll learn how to turn machine learning models and analytical techniques into practical, repeatable threat-hunting workflows. We’ll walk through how to ingest and prepare data in Splunk, write SPL for clean feature inputs, and build detection notebooks that analyze and score events in Jupyter. You’ll also see how both platforms work together to run full end-to-end hunts, from data extraction to investigation. By the end, you’ll be able to operationalize ML-driven detections and apply them directly to real security telemetry.

What's included

10 videos, 1 reading, 1 assignment, 1 peer review, 1 discussion prompt

In this wrap-up module, you’ll bring all your threat-hunting skills together by building a complete anomaly-based detection workflow using Splunk and Jupyter. This final project puts your log analysis, SPL queries, and ML techniques into practice, showing your ability to uncover hidden threats, visualize suspicious behavior, and map findings to ATT&CK. It’s your chance to demonstrate real-world readiness and apply everything you’ve learned across the course.

What's included

1 video, 1 peer review

Instructor

Archan Choudhury (Starweaver): 0 courses, 0 learners

Offered by

Starweaver: 458 courses, 904,014 learners
