This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
Identify potential reconnaissance activity on the network
Reconnaissance is an important phase of an attack, where the attacker gathers information about the target system and network. This playbook aims to identify potential reconnaissance activity by analyzing Windows logs.
The organization has a centralized logging system in place that captures Windows logs.