In today’s rapidly evolving digital landscape, cyber threats are becoming increasingly sophisticated and elusive. Attackers employ advanced techniques to infiltrate systems, often bypassing traditional security measures. For security professionals, this presents a significant challenge: how can we defend against threats that are designed to evade detection? The answer lies in integrating data science with modern security practices.
This course is specifically designed for defenders who want to stay ahead of emerging threats by blending human intuition with machine-driven analytics. In the age of data overload, it’s not enough to simply rely on outdated detection approaches. Defenders need to harness the power of modern data science tools and techniques to uncover hidden anomalies, detect behavioral patterns, and identify subtle signals of compromise that may otherwise go unnoticed.
This course equips you with the skills needed to navigate and combat the evolving cybersecurity landscape by utilizing cutting-edge techniques in data science. Throughout the course, you will dive deep into log analysis, threat detection hypotheses, and machine learning models applied to real-world cybersecurity scenarios. You will gain hands-on experience using industry-standard tools like Splunk and Jupyter Notebooks, allowing you to apply what you’ve learned to live data and active threats in your organization or in a training environment.
This course is built for defenders who want to sharpen their hunting instincts and use data more effectively. It’s ideal for SOC analysts ready to move beyond alert triage, threat hunters who want to uncover deeper behavioral patterns, blue team engineers looking to build repeatable detection workflows, and cybersecurity students eager to gain hands-on experience with tools like Splunk and Jupyter.
Learners should come in with a basic understanding of Python, familiarity with common log formats, and a solid grasp of core cybersecurity concepts. With these foundations in place, you’ll be able to move comfortably into the data-driven workflows and hands-on hunting techniques explored throughout the course.
By the end, you’ll understand the full threat hunting lifecycle and how machine learning strengthens hypothesis-driven investigations. You’ll be able to clean, enrich, and visualize raw telemetry; apply anomaly detection techniques like Isolation Forest and DBSCAN; and design a complete ML-powered hunt in Splunk and Jupyter that detects suspicious behavior with clarity and confidence.
In this course, you’ll learn how to combine threat hunting fundamentals with data science techniques to uncover hidden threats that traditional security tools often miss. You’ll work with real log data, build hunting hypotheses, and apply machine learning models to detect anomalies, behavioral patterns, and subtle signs of compromise across enterprise environments. Through guided instruction, hands-on labs, and practical examples using Splunk and Jupyter Notebooks, you’ll develop the skills to operationalize ML-powered threat hunts, strengthen detection workflows, and respond more effectively to advanced, evasive attackers.
What's included
1 video • 1 reading
1 video • Total 4 minutes
Course Introduction • 4 minutes
1 reading • Total 5 minutes
Welcome to the Course: Course Overview • 5 minutes
Introduction to Industrial Threat Hunting
Module 2 • 2 hours to complete
Module details
In this module, you’ll explore what threat hunting really means and why it has become essential for modern security teams. We’ll break down how hunters move beyond automated tools to search for hidden or unusual activity that may signal an active compromise. You’ll learn the core concepts, terminology, and frameworks that shape effective hunting, along with the mindset of assuming adversaries may already be inside your environment. By the end, you’ll understand why proactive hunting is critical for stopping attacks early, reducing impact, and strengthening your overall detection strategy.
Overview of Threat Hunting Concepts and Importance • 5 minutes
How to Plan a Threat Hunt • 9 minutes
How to Document a Threat Hunt • 8 minutes
Hunting Methodologies • 6 minutes
Telemetry and Data Sources • 7 minutes
Essential Tools for Threat Hunting • 6 minutes
Explore MITRE ATT&CK • 8 minutes
How to Use MITRE Navigator • 6 minutes
From ATT&CK to Action: Building a Hunt Matrix for Real Threats • 6 minutes
1 reading • Total 5 minutes
MITRE Framework • 5 minutes
1 assignment • Total 20 minutes
Introduction to Industrial Threat Hunting • 20 minutes
1 peer review • Total 10 minutes
Hands-On Learning: Performing Threat Actor Profiling Using MITRE ATT&CK and MITRE Navigator • 10 minutes
1 discussion prompt • Total 10 minutes
The Impact of Proactive Threat Hunting in Your Environment • 10 minutes
Data Science for Cybersecurity
Module 3 • 2 hours to complete
Module details
In this module, you’ll learn how data science strengthens modern threat hunting by helping you make sense of large, noisy security datasets. We’ll walk through the essentials of cleaning and shaping log data, visualizing behaviors, and building simple machine learning models to spot anomalies. You’ll get hands-on practice with Python tools like pandas, scikit-learn, and Jupyter Notebooks, and see how these techniques feed into SIEM platforms such as Splunk and Elastic. By the end, you’ll understand how data science supports faster detection, smarter investigations, and repeatable, automated hunting workflows.
Effective Log Parsing and Cleaning Techniques • 7 minutes
Introduction to Feature Engineering • 6 minutes
Visualizing Behaviors • 12 minutes
Threat Hunting Visualization • 6 minutes
What Is Security-Focused Visualization? • 7 minutes
Create Your Own Visualization • 8 minutes
Top Security Visualizations Every Threat Hunter Should Use • 9 minutes
1 reading • Total 5 minutes
Effective Data Visualization • 5 minutes
1 assignment • Total 20 minutes
Data Science for Cybersecurity • 20 minutes
1 peer review • Total 16 minutes
Hands-On Learning: Building a Security Visualization to Detect Anomalous Login Activity • 16 minutes
1 discussion prompt • Total 10 minutes
Data Cleaning as the Foundation of Threat Hunting • 10 minutes
ML Algorithms for Threat Detection
Module 4 • 2 hours to complete
Module details
In this module, you’ll explore the unsupervised machine learning techniques that power modern anomaly detection in security environments. We’ll break down how models like Isolation Forest, DBSCAN, Z-Score Analysis, and One-Class SVM uncover unusual patterns without relying on labeled data. You’ll practice applying these algorithms to real-world scenarios such as suspicious logins, odd network traffic, and unusual system behavior. By the end, you’ll understand how these ML methods help you surface hidden threats that traditional rules often overlook.
Understand the Different Processes of Unsupervised Learning Models • 6 minutes
Evaluating and Tuning ML Models • 5 minutes
Suspicious Login Hunting • 11 minutes
Graphical Representation of Anomalies • 11 minutes
Event Correlation • 7 minutes
General Pitfalls in Threat Detection • 5 minutes
Different ML Techniques • 5 minutes
How to Choose the Best ML Model • 9 minutes
1 reading • Total 5 minutes
Splunk Machine Learning Toolkit Guide • 5 minutes
1 assignment • Total 20 minutes
ML Algorithms for Threat Detection • 20 minutes
1 peer review • Total 10 minutes
Hands-On Learning: Performing an ML-Based Hunt to Detect Anomalous Login Activity • 10 minutes
1 discussion prompt • Total 10 minutes
Overcoming Challenges in ML Model Tuning • 10 minutes
Operationalizing in Splunk and Jupyter
Module 5 • 2 hours to complete
Module details
In this module, you’ll learn how to turn machine learning models and analytical techniques into practical, repeatable threat-hunting workflows. We’ll walk through how to ingest and prepare data in Splunk, write SPL for clean feature inputs, and build detection notebooks that analyze and score events in Jupyter. You’ll also see how both platforms work together to run full end-to-end hunts, from data extraction to investigation. By the end, you’ll be able to operationalize ML-driven detections and apply them directly to real security telemetry.
Finding a Needle in a Haystack: Machine Learning at the Forefront of Threat Hunting Research • 5 minutes
1 assignment • Total 20 minutes
Operationalizing in Splunk and Jupyter • 20 minutes
1 peer review • Total 10 minutes
Hands-On Learning: End-to-End Threat Hunt Using Splunk, Elastic, and Jupyter • 10 minutes
1 discussion prompt • Total 10 minutes
Applying Real Hunt Execution Techniques • 10 minutes
Course Conclusion
Module 6 • 1 hour to complete
Module details
In this wrap-up module, you’ll bring all your threat-hunting skills together by building a complete anomaly-based detection workflow using Splunk and Jupyter. This final project puts your log analysis, SPL queries, and ML techniques into practice, showing your ability to uncover hidden threats, visualize suspicious behavior, and map findings to ATT&CK. It’s your chance to demonstrate real-world readiness and apply everything you’ve learned across the course.
Our purpose at Starweaver is to empower individuals and organizations with practical knowledge and skills for a rapidly transforming world. By collaborating with an extensive, global network of proven expert educators, we deliver engaging, information-rich learning experiences that work to revolutionize lives and careers. Committed to our belief that people are the most valuable asset, we focus on building capabilities to navigate ever-evolving challenges in technology, business, and design.