The PEAK Threat Hunting Framework was developed by the SURGe Security Research team at Splunk to help defenders structure, measure, and improve their threat hunting processes.
PEAK, an acronym for "Prepare, Execute, and Act with Knowledge," structures every hunt around preparing it, executing it, and acting on what was learned. It defines three distinct types of hunts:
- Hypothesis-Driven
- Baseline (AKA Exploratory Data Analysis or EDA)
- Model-Assisted Threat Hunts (M-ATH)
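To make the difference between the first two hunt types concrete, here is a small added example (not code from the PEAK repo, whose hunts are written against Splunk data; this is a language-neutral Python sketch). It runs a hypothesis-driven check and a baseline/EDA check over constructed process-creation records. The hosts, users, process names and the "Office app spawning a shell" hypothesis are all assumptions chosen for illustration.

```python
"""Hypothesis-driven vs. baseline (EDA) hunts over constructed process logs.

Added example; the records below are constructed, not real telemetry."""
from collections import defaultdict

# Constructed sample: (day, host, user, process, parent_process).
# Days 1-7 form the "known good" window used to build a baseline.
BASELINE_LOGS = [
    (1, "ws01", "alice", "chrome.exe", "explorer.exe"),
    (2, "ws01", "alice", "winword.exe", "explorer.exe"),
    (3, "ws01", "alice", "outlook.exe", "explorer.exe"),
    (1, "ws02", "bob", "chrome.exe", "explorer.exe"),
    (4, "ws02", "bob", "excel.exe", "explorer.exe"),
    (1, "srv01", "svc_sql", "sqlservr.exe", "services.exe"),
    (5, "srv01", "svc_web", "w3wp.exe", "svchost.exe"),
]

# Day 8: the window being hunted.
NEW_LOGS = [
    (8, "ws01", "alice", "winword.exe", "explorer.exe"),
    (8, "ws01", "alice", "powershell.exe", "winword.exe"),
    (8, "ws01", "alice", "certutil.exe", "powershell.exe"),
    (8, "ws02", "bob", "chrome.exe", "explorer.exe"),
    (8, "srv01", "svc_web", "w3wp.exe", "svchost.exe"),
    (8, "srv01", "svc_web", "cmd.exe", "w3wp.exe"),
]

# Hypothesis-driven hunt: start from a specific, testable claim about
# attacker behaviour and look only for evidence that confirms or refutes it.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}   # assumed list
SHELLS = {"cmd.exe", "powershell.exe"}                      # assumed list


def hypothesis_hunt(logs):
    """Hypothesis: 'an Office application spawns a command interpreter'.

    Returns (host, parent, child) for every record matching the hypothesis.
    """
    hits = [
        (host, parent, proc)
        for _, host, _, proc, parent in logs
        if parent.lower() in OFFICE_APPS and proc.lower() in SHELLS
    ]
    return sorted(hits)


# Baseline (EDA) hunt: no prior hypothesis. Learn what is normal from a
# historical window, then surface whatever deviates from it.
def build_baseline(logs):
    """Map each host to the set of process names seen during the baseline window."""
    seen = defaultdict(set)
    for _, host, _, proc, _ in logs:
        seen[host].add(proc.lower())
    return seen


def baseline_hunt(baseline, logs):
    """Return (host, process) pairs in `logs` never seen on that host before."""
    novel = {
        (host, proc.lower())
        for _, host, _, proc, _ in logs
        if proc.lower() not in baseline.get(host, set())
    }
    return sorted(novel)


def host_prevalence(logs):
    """Number of distinct hosts each process ran on (rarity is a common EDA signal)."""
    hosts_by_proc = defaultdict(set)
    for _, host, _, proc, _ in logs:
        hosts_by_proc[proc.lower()].add(host)
    return {proc: len(hosts) for proc, hosts in hosts_by_proc.items()}


if __name__ == "__main__":
    print("hypothesis hits :", hypothesis_hunt(NEW_LOGS))
    print("never-before-seen:", baseline_hunt(build_baseline(BASELINE_LOGS), NEW_LOGS))
    print("prevalence       :", host_prevalence(BASELINE_LOGS + NEW_LOGS))
```

The two approaches find different things: the hypothesis catches only the Office-to-PowerShell chain it was written for, while the baseline also surfaces certutil.exe on ws01 and cmd.exe under the web server on srv01, neither of which the hypothesis anticipated. Leads from a baseline hunt typically become the next round of hypotheses, which is the "Act with Knowledge" loop the framework describes.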
Hunting content in this repo follows a flat directory structure: each directory holds one hunt, and the README inside it describes the hunt's method, its artifacts, and the specifics of that hunt.