![](https://www.securityartwork.es/wp-content/uploads/2020/09/hunt.jpg)
As any analyst knows, the very nature of Threat Hunting entails the application of generic approaches for the detection of anomalies. Unlike the reactive positions of rule-based security, proactive analysis delegates a significant percentage of detection to the analyst. This means that, as it happens to a conventional intelligence analyst, errors of interpretation tend to occur, due to the large number of casuistry found on a daily basis, and which the brain tends to classify as legitimate or malicious in hundredths of seconds.
According to Richard Heuer’s definition in “Psychology of Intelligence Analysis“, an analyst has limits in the interpretation of information, determined by his personality, his beliefs and his cognitive biases. After the identification of the anomaly, the analyst must be able to make a prediction. That is to say, it is the interpretation of a detection and its association to a possible threat that represents a security alert.
And not only this, but, as defined by Steven Rieber in his “Intelligence Analysis and Judgmental Calibration“, the analyst must also be capable of weighing the criticality of an anomaly, which also remains within subjective positions in the form of subjective probability.
[Read more…]