SPOT: Threat Hunting Mission Planning


How to approach a Threat Hunt using the Army Decision-Making Process


Mission Planning is the foundational aspect of any Threat Hunting activity. It substantiates the effort by documenting all hunts, providing a mechanism to direct and resource the effort, and serving as a starting point for the effort. The approach offered is predominantly based upon the United States Army’s Military Decision Making Process (MDMP). For the purposes of Mission Planning, it follows a ten-step process.




The Threat Hunting Mission Planning process provides an established means to conduct active hunting operations. It is an iterative process designed to focus the three major players: the Cyber Threat Intelligence (CTI), Threat Hunting, and Incident Response teams. The Threat Hunting effort is used as a decisive means to prepare, conduct, and improve internal hunting activities.

The Three Major Players in Threat Hunting
