| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Lehto, Martti", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Tams, Roope", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-05-30T05:19:29Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-05-30T05:19:29Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/95341", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4ss\u00e4 pro gradu -tutkielmassa keskityt\u00e4\u00e4n siihen, kuinka mahdollistetaan tehokas kyberuhkien mets\u00e4stys. Aihetta on t\u00e4rke\u00e4\u00e4 tutkia, sill\u00e4 uhkien mets\u00e4stys on varsin uusi aihe, eik\u00e4 koko prosessista ole tehty juurikaan tutkimuksia. Monet aiemmista tutkimuksista ovat keskittyneet p\u00e4\u00e4asiassa tutkimusalueisiin, kuten uhkamallinnukseen, uhkien havaitsemiseen ja kybertapahtumiin vastaamiseen, ja vain muutamia tutkimuksia on tehty kyberuhkien mets\u00e4stys -viitekehyksist\u00e4. Tutkielma suoritettiin laadullisena kirjallisuuskatsauksena, jota seurasi viitekehyksen kehitt\u00e4minen k\u00e4ytt\u00e4en Design Science Research Methodology -prosessia. Kirjallisuuskatsausta k\u00e4ytettiin perustana viitekehyksen kehitt\u00e4miselle. T\u00e4m\u00e4n j\u00e4lkeen kehitetty\u00e4 viitekehyst\u00e4 esiteltiin kolmelle kyberturvallisuuden ammattilaiselle arviointia varten. Arviointi suoritettiin semistrukturoiduilla haastatteluilla. Kehitetyss\u00e4 viitekehyksess\u00e4 on kolme erilaista aloituspistett\u00e4, riippuen siit\u00e4, mihin mets\u00e4stys perustuu. Jos mets\u00e4stys perustuu IoC:ihin, erillist\u00e4 hypoteesia ei kehitet\u00e4, koska tutkinnan pit\u00e4isi olla kevyempi verrattuna tutkintaan, joka perustuu TTP:ihin tai haavoittuvuusraportteihin. Palautetta annetaan, jos mets\u00e4stys hyl\u00e4t\u00e4\u00e4n, tai kun mets\u00e4stys on suoritettu loppuun riippumatta siit\u00e4, l\u00f6ydettiink\u00f6 mets\u00e4styksen tuloksena jotakin. Haastattelujen perusteella t\u00e4m\u00e4n viitekehyksen k\u00e4ytt\u00f6 mahdollistaa tehokkaan uhkien mets\u00e4styksen, erityisesti kun sit\u00e4 k\u00e4ytet\u00e4\u00e4n jatkuvana prosessina. T\u00e4m\u00e4 kehys mahdollistaa tiimien yhteisty\u00f6n ja palautteen antamisen tavalla, jota on helppo ottaa k\u00e4ytt\u00e4\u00e4 SOC:n p\u00e4ivitt\u00e4isiss\u00e4 toiminnoissa.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This master\u2019s thesis focuses on how to enable efficient threat hunting. Subject is important to research, because threat hunting is a new subject and not much studies have been made about the whole process. Many of the previous studies have focused primarily on research areas like threat modeling, threat detection and incident response, and there are only few studies made about threat hunt-ing frameworks. Thesis was done with qualitative literature review followed by developing the framework with Design Science Research Methodology pro-cess. Literature review was used as a base for the development of threat hunt-ing framework. Then the developed framework was presented for three cyber security professionals for review. Reviewing was done with semi-structured interviews. The threat hunting framework developed has three different start-ing points, based what the hunt is based on. If the hunting is based on the IoCs, separate hypothesis will not be developed, as the search should be lighter compared to a search which is based on TTPs or vulnerability reports. Feed-back will be given if the hunt is being rejected, or when the hunt has been com-pleted no matter if something was found as a result of the hunt. Based on the interviews, using this framework allows efficiency in threat hunting, especially when it is being used as a conctinuos process. This framework allows teams to collaborate and give feedback in a way that is easy to use as a part of daily activities in SOC.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2024-05-30T05:19:29Z\r\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-05-30T05:19:29Z (GMT). No. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "53", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.title", "value": "How to enable efficient threat hunting", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202405304104", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Cyber Security", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Tekij\u00e4 ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyv\u00e4skyl\u00e4n yliopiston kirjaston arkistoty\u00f6semalta. Ks. https://kirjasto.jyu.fi/fi/tyoskentelytilat/laitteet-ja-tilat#autotoc-item-autotoc-2.", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyv\u00e4skyl\u00e4 University Library (https://kirjasto.jyu.fi/en/workspaces/facilities/facilities#autotoc-item-autotoc-2).", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}]
|