Author Archives: Sqrrl Team


Threat Hunter Profile – Brandon Baxter

Brandon Baxter


Years Hunting

Preferred Datasets
Registry data, Command-line auditing, Netflow

Preferred Hunting Techniques
Visualization, Outlier analysis, Baselining, Stacking

Preferred Tools
Carbon Black (Response and Protection), Sysmon, Bro, PowerShell, Sqrrl, REMnux


Threat Hunting for Needles in Haystacks

Cyber threat hunting involves proactively and iteratively searching through networks and datasets to detect threats that evade existing automated tools. Yet determining the Tactics, Techniques and Procedures (TTPs) used by adversaries is challenging for the very reason that there is often no roadmap to hunt from. Instead, the role of hunter requires, in addition to an understanding of data science and some programming experience, a fundamental curiosity about the data and an understanding of how the bad guys work. It is with these skills that cyber threat hunters set about trying to find a needle in a haystack.



Arm Your Threat Hunters with Self-Service Analytics

The new Sqrrl Enterprise 2.8 introduces an enhanced risk framework and powerful new analytic tools to simplify, accelerate, and amplify threat hunting. The new framework empowers analysts to create their own custom-built threat hunting analytics (“risk triggers”) without having to write any code. The extensible framework also now includes triggers that enrich Sqrrl’s built-in analytics by incorporating correlated information from external sources of risk, such as SIEM alerts and threat intelligence feeds, for every user, IP address, host, and domain inside the organization.