Threat Hunting Techniques

Threat Hunting Techniques

Instructors: Archan Choudhury

Access provided by Interbank

6 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

9 hours to complete

Flexible schedule

Learn at your own pace

6 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

9 hours to complete

Flexible schedule

Learn at your own pace

What you'll learn

Explore the threat hunting lifecycle and how ML augments hypothesis-driven investigation.
Analyze raw log data by cleaning, enriching, and visualizing it using Pandas, Seaborn, and Matplotlib in Jupyter.
Apply anomaly detection techniques such as Isolation Forest and DBSCAN on telemetry data.
Design and execute a complete ML-based hunt in Splunk and Jupyter to detect suspicious behavior.

Skills you'll gain

Tools you'll learn

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

4 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

There are 6 modules in this course

In today’s rapidly evolving digital landscape, cyber threats are becoming increasingly sophisticated and elusive. Attackers employ advanced techniques to infiltrate systems, often bypassing traditional security measures. For security professionals, this presents a significant challenge: how can we defend against threats that are designed to evade detection? The answer lies in integrating data science with modern security practices.

This course is specifically designed for defenders who want to stay ahead of emerging threats by blending human intuition with machine-driven analytics. In the age of data overload, it’s not enough to simply rely on outdated detection approaches. Defenders need to harness the power of modern data science tools and techniques to uncover hidden anomalies, detect behavioral patterns, and identify subtle signals of compromise that may otherwise go unnoticed. This course equips you with the skills needed to navigate and combat the evolving cybersecurity landscape by utilizing cutting-edge techniques in data science. Throughout the course, you will dive deep into log analysis, threat detection hypotheses, and machine learning models applied to real-world cybersecurity scenarios. You will gain hands-on experience using industry-standard tools like Splunk and Jupyter Notebooks, allowing you to apply what you’ve learned to live data and active threats in your organization or in a training environment. This course is built for defenders who want to sharpen their hunting instincts and use data more effectively. It’s ideal for SOC analysts ready to move beyond alert triage, threat hunters who want to uncover deeper behavioral patterns, blue team engineers looking to build repeatable detection workflows, and cybersecurity students eager to gain hands-on experience with tools like Splunk and Jupyter. Learners should come in with a basic understanding of Python, familiarity with common log formats, and a solid grasp of core cybersecurity concepts. With these foundations in place, you’ll be able to move comfortably into the data-driven workflows and hands-on hunting techniques explored throughout the course. By the end, you’ll understand the full threat hunting lifecycle and how machine learning strengthens hypothesis-driven investigations. You’ll be able to clean, enrich, and visualize raw telemetry; apply anomaly detection techniques like Isolation Forest and DBSCAN; and design a complete ML-powered hunt in Splunk and Jupyter that detects suspicious behavior with clarity and confidence.

In this course, you’ll learn how to combine threat hunting fundamentals with data science techniques to uncover hidden threats that traditional security tools often miss. You’ll work with real log data, build hunting hypotheses, and apply machine learning models to detect anomalies, behavioral patterns, and subtle signs of compromise across enterprise environments. Through guided instruction, hands-on labs, and practical examples using Splunk and Jupyter Notebooks, you’ll develop the skills to operationalize ML-powered threat hunts, strengthen detection workflows, and respond more effectively to advanced, evasive attackers.

What's included

1 video1 reading

In this module, you’ll explore what threat hunting really means and why it has become essential for modern security teams. We’ll break down how hunters move beyond automated tools to search for hidden or unusual activity that may signal an active compromise. You’ll learn the core concepts, terminology, and frameworks that shape effective hunting, along with the mindset of assuming adversaries may already be inside your environment. By the end, you’ll understand why proactive hunting is critical for stopping attacks early, reducing impact, and strengthening your overall detection strategy.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videos Total 64 minutes

Module Introduction 3 minutes
Overview of Threat Hunting Concepts and Importance 5 minutes
How to Plan Threat Hunt 9 minutes
How to Document Threat Hunt 8 minutes
Hunting Methodologies 6 minutes
Telemetry and Data Sources 7 minutes
Essential Tools for Threat Hunting 6 minutes
Explore MITRE ATT&CK 8 minutes
How to Use MITRE Navigator 6 minutes
From ATT&CK to Action: Building a Hunt Matrix for Real Threats 6 minutes

1 reading Total 5 minutes

MITRE Framework 5 minutes

1 assignment Total 20 minutes

Introduction to Industrial Threat Hunting 20 minutes

1 peer review Total 10 minutes

Hands-On-Learning: Performing Threat Actor Profiling Using MITRE ATT&CK and MITRE Navigator 10 minutes

1 discussion prompt Total 10 minutes

The Impact of Proactive Threat Hunting in Your Environment 10 minutes

In this module, you’ll learn how data science strengthens modern threat hunting by helping you make sense of large, noisy security datasets. We’ll walk through the essentials of cleaning and shaping log data, visualizing behaviors, and building simple machine learning models to spot anomalies. You’ll get hands-on practice with Python tools like pandas, scikit-learn, and Jupyter Notebooks, and see how these techniques feed into SIEM platforms such as Splunk and Elastic. By the end, you’ll understand how data science supports faster detection, smarter investigations, and repeatable, automated hunting workflows.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videos Total 69 minutes

Module Introduction 3 minutes
Parsing and Cleaning Logs 5 minutes
Techniques for Log Parsing and Cleaning 6 minutes
Effective Log Parsing and Cleaning Techniques 7 minutes
Introduction to Feature Engineering 6 minutes
Visualizing Behaviors 12 minutes
Threat Hunting Visualization 6 minutes
What is Security-Focused Visualization 7 minutes
Create Your Own Visualization 8 minutes
Top Security Visualizations Every Threat Hunter Should Use 9 minutes

1 reading Total 5 minutes

Effective Data Visualization 5 minutes

1 assignment Total 20 minutes

Data Science for Cybersecurity 20 minutes

1 peer review Total 16 minutes

Hands-On-Learning: Building a Security Visualization to Detect Anomalous Login Activity 16 minutes

1 discussion prompt Total 10 minutes

Data Cleaning as the Foundation of Threat Hunting 10 minutes

In this module, you’ll explore the unsupervised machine learning techniques that power modern anomaly detection in security environments. We’ll break down how models like Isolation Forest, DBSCAN, Z-Score Analysis, and One-Class SVM uncover unusual patterns without relying on labeled data. You’ll practice applying these algorithms to real-world scenarios such as suspicious logins, odd network traffic, and unusual system behavior. By the end, you’ll understand how these ML methods help you surface hidden threats that traditional rules often overlook.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videos Total 67 minutes

Module Introduction 3 minutes
Introduction to Unsupervised ML 4 minutes
Understand Different Process of Unsupervised Learning Models 6 minutes
Evaluating and Tuning ML Models 5 minutes
Suspicious Login Hunting 11 minutes
Graphical Representation of Anomaly 11 minutes
Event Correlation 7 minutes
General Pitfalls in Threat Detection 5 minutes
Different ML Techniques 5 minutes
How to Choose Best ML Model 9 minutes

1 reading Total 5 minutes

Splunk Machine Learning Toolkit Guide 5 minutes

1 assignment Total 20 minutes

ML Algorithms for Threat Detection 20 minutes

1 peer review Total 10 minutes

Hands-On-Learning: Performing an ML-Based Hunt to Detect Anomalous Login Activity 10 minutes

1 discussion prompt Total 10 minutes

Overcoming Challenges in ML Model Tuning 10 minutes

In this module, you’ll learn how to turn machine learning models and analytical techniques into practical, repeatable threat-hunting workflows. We’ll walk through how to ingest and prepare data in Splunk, write SPL for clean feature inputs, and build detection notebooks that analyze and score events in Jupyter. You’ll also see how both platforms work together to run full end-to-end hunts, from data extraction to investigation. By the end, you’ll be able to operationalize ML-driven detections and apply them directly to real security telemetry.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videos Total 58 minutes

Module Introduction 4 minutes
Understand Splunk Architecture 5 minutes
Log Ingestion in Splunk 7 minutes
Search Operation in Splunk 6 minutes
Writing SPL for Data Prep 6 minutes
Jupyter Detection Pipeline 5 minutes
Threat Hunt Notebook Example 6 minutes
Splunk and Jupyter 7 minutes
Elastic and Jupyter 6 minutes
Real Hunt Execution 8 minutes

1 reading Total 5 minutes

Finding a Needle in a Haystack: Machine Learning at the Forefront of Threat Hunting Research 5 minutes

1 assignment Total 20 minutes

Operationalizing in Splunk and Jupyter 20 minutes

1 peer review Total 10 minutes

Hands-On-Learning: End-to-End Threat Hunt Using Splunk, Elastic, and Jupyter 10 minutes

1 discussion prompt Total 10 minutes

Applying Real Hunt Execution Techniques 10 minutes

In this wrap-up module, you’ll bring all your threat-hunting skills together by building a complete anomaly-based detection workflow using Splunk and Jupyter. This final project puts your log analysis, SPL queries, and ML techniques into practice, showing your ability to uncover hidden threats, visualize suspicious behavior, and map findings to ATT&CK. It’s your chance to demonstrate real-world readiness and apply everything you’ve learned across the course.