WELCOME TO CRONINITY

Threat Hunting SOP: Standardized Microsoft KQL Query Framework 1. Purpose This SOP establishes a standardized framework for developing, documenting, and maintaining Microsoft KQL queries used for Threat Hunting and Detection Engineering. The objective is to ensure consistency, repeatability, and operational effectiveness across all threat hunting activities. 2. Scope This standard applies to all: Threat Hunting queries Detection Engineering queries Microsoft Sentinel and Defe

Detection engineering is the strategic process of designing, developing, and continuously improving security detections to identify and respond to cyber threats effectively. It involves crafting high-fidelity detection rules, signatures, and behavioral analytics tailored to an organization's threat landscape. Key Components of Detection Engineering: Analyze threats and identify detection gaps – Leveraging threat intelligence to anticipate and detect emerging attack techniques

Detection Rollout Phase Detection rollout is a critical but often overlooked stage in the detection engineering lifecycle. Regardless of how well a detection is designed, tested, or documented, it provides no value unless it is properly deployed into the environment. In many organizations, detection rollouts are not standardized. This gap is commonly caused by overreliance on vendor-supplied detections (e.g., from SIEM platforms, EDR/XDR platforms), a lack of dedicated detect

DHS CISA SCuBA (Secure Cloud Business Applications) DHS CISA SCuBA (Secure Cloud Business Applications) is a security assessment framework and toolset developed by Cybersecurity and Infrastructure Security Agency to evaluate the security posture of cloud-based SaaS environments, primarily Microsoft 365 and similar platforms. At a technical level, SCuBA provides: Baseline security configuration checks aligned to federal guidance (e.g., logging, identity controls, sharing setti

Threat Hunt Mission Organization in SIEM/XDR Standard Operating Procedure (SOP) 1.  Purpose This Standard Operating Procedure (SOP) defines the standards, steps, and required configurations for organizing and executing Threat Hunt missions within Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) platforms. It establishes a consistent, repeatable methodology for structuring hunt workspaces, managing queries, capturing findings, and prod

Threat Hunt Mission Reporting SOP 1. Purpose This Standard Operating Procedure (SOP) defines the requirements, structure, and standards for producing Threat Hunt Mission Reports. A Threat Hunt Mission Report is the formal deliverable published upon the completion of every Threat Hunt mission. It provides stakeholders with a comprehensive record of the hunt objectives, methodology, findings, indicators of compromise, detection outputs, and recommendations for improving the or

Threat Hunt Mission Execution SOP 1. Purpose This Standard Operating Procedure (SOP) establishes the standardized process, roles, responsibilities, and operational expectations governing the execution phase of Cyber Threat Hunt missions. It is designed to ensure consistency, analytical rigor, and operational effectiveness across all threat hunting activities conducted by the Security Operations Center (SOC) Threat Hunt team. 2. Scope This SOP applies to all personnel particip

Threat Hunt Program Training - Standard Operating Procedure (SOP) 1. Purpose This Standard Operating Procedure (SOP) establishes the training framework for personnel assigned to the Threat Hunting program. The objective is to ensure that threat hunters develop the technical, analytical, and operational competencies required to proactively identify adversary activity within the organization’s environment. This SOP defines: Required threat hunting skill domains Training phases

Threat Hunt Mission Planning - Standard Operating Procedure (SOP) 1. Purpose This Standard Operating Procedure (SOP) defines the process for planning Cyber Threat Hunting missions. Effective mission planning ensures threat hunts are conducted in a structured, repeatable, and intelligence-driven manner that maximizes both investigative quality and operational efficiency. A well-developed mission plan enables the threat hunting team to clearly define objectives, scope investiga

Threat Hunt Mission Intake, Prioritization, Design, Scoping, and Targeting - Standard Operating Procedure (SOP) 1. Purpose This SOP establishes the standardized process for intaking, prioritizing, designing, scoping, and targeting Threat Hunt missions within the organization. The goal is to ensure threat hunting activities are centrally coordinated, strategically prioritized, and executed in a structured and repeatable manner that maximizes operational effectiveness and visib

Rolling Aerts into Incidents - XDR A key strength of Microsoft Defender is its ability to correlate disparate alerts from various detection sources into a single, cohesive incident view. This approach enables defenders to understand an attack or compromise holistically rather than managing fragmented alerts. Microsoft Defender XDR extends this capability by continuing to unify and correlate alerts from multiple security domains, identity, endpoint, email, and cloud applicatio