-
A very useful thought and an interesting question. This makes me think about something: when a hunter has a library of huntbooks, each of which hunts against a specific hypothesis/APT, could a system partially evaluate each huntbook to see how likely one of them matches the observed data in the select organization? If this is the vision, I think the most challenging parts currently are:
-
Another tradecraft element that is in regular use by cyber threat analysts is the Analysis of Competing Hypotheses (ACH) methodology that was originally developed by Richards Heuer (Heuer, Richards J., Jr, "Chapter 8: Analysis of Competing Hypotheses", Psychology of Intelligence Analysis, Center for the Study of Intelligence, Central Intelligence Agency, archived from the original on June 13, 2007). I pose this question to the community: Is there a way to develop an easy user interface that links to a TIP and a set of Actuator Profiles, like the Hunt Profile, that could help analysts work through the steps of the ACH process?