Threat hunting
MDR | 6 min read
Scaling detection: When 1 + 1 = 3 (grouping IPs to find bad actors across orgs)Here's an overview of how at Expel, we group large data sets via IP information to identify bad actors working across multiple customers.
MDR | 6 min read
15 ways Expel rocked The Forrester Wave™: MDR Services, Q1 2025Enjoy this complimentary playlist while diving into the fifteen reasons why Expel is the best option when it comes to MDR cloud providers.
Rapid response | 2 min read
Security alert: IngressNightmare (NGINX controller for Kubernetes)On March 24, 2025, five vulnerabilities in the Ingress NGINX controller for Kubernetes were publicly disclosed. Here's how to remediate.
Product | 2 min read
Expel MDR customers benefit from expanded threat intel experienceThreat Bulletins are now available in Expel Workbench™, including details on any threat hunting completed to resolve the issue.
Data & research | 2 min read
It’s here: Expel’s 2025 Annual Threat ReportThis year’s Annual Threat Report describes the major attack trends we saw last year, advice to safeguard your org, and predictions for 2025.
Product | 3 min read
Expel MDR has new advanced identity threat detection & responseExpel MDR's new auto remediation feature makes it easier to fix credential compromises in common tools, like Okta. Learn more.
MDR | 3 min read
Let your security maturity be your guideSecurity maturity is critical in determining your SecOps strategy. Learn how an Expel customer determined it was time to add threat hunting.
Data & research | 3 min read
Expel 2023 Q3 Quarterly Threat Report: the top five findingsThe 2023 Q3 Quarterly Threat Report findings are based on incidents our SOC identified. Here are a few of the top trends.
MDR | 3 min read
Hypothesis-based threat hunting: the what, why, and howYour threat hunting program should focus on TTPs, holes, and areas of concern around your security posture and create hunts to probe those areas.
Security operations | 3 min read
Expel Hunting: Now in the cloudWe’ve added something new to Expel Hunting: cloud hunts. Find out how our crew’s newly developed hunting techniques can help you spot visibility gaps in your cloud (and give you some peace of mind).
Tips | 6 min read
How to create and maintain Jupyter threat hunting notebooksWe got a lot of questions about configuring Jupyter notebooks after presenting at Infosec Jupyterthon 2020. See our response along with some tips for incorporating this tech into infosec processes.
Security operations | 8 min read
Using JupyterHub for threat hunting? Then you should know these 8 tricks.Jupyter Notebook gave us the freedom to rethink the way we analyzed hunting data. Here are some tips and tricks you can use in your own analysis.
Security operations | 4 min read
3 must-dos when you’re starting a threat hunting programSo you decided you want to build a threat hunting program ... but where do you start? Here are our three must-dos when you’re planning your hunt.
Security operations | 6 min read
How to make your org more resilient to common Mac OS attacksGot Macs in your org? Here are a few recent Mac OS attack trends and how you can become more resilient to ‘em.
Security operations | 6 min read
How to find anomalous process relationships in threat huntingFinding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.
Security operations | 7 min read
How to choose the right security tech for threat huntingHow do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.
Tips | 5 min read
How to hunt for reconnaissanceUse the hunting process to find attackers performing reconnaissance, through actions that aren’t things most users typically do, in your system.
Security operations | 5 min read
What is (cyber) threat hunting and where do you start?We want to demystify what threat hunting is and what it’s not. So here goes nothin’ ...