Threat Hunting Techniques

Starweaver via Coursera

Overview

In today's rapidly evolving digital landscape, cyber threats are becoming increasingly sophisticated and elusive. Attackers use advanced evasion techniques to infiltrate systems, often bypassing traditional security controls. For security professionals this presents a significant challenge: how do you defend against threats that are designed to evade detection? The answer lies in integrating data science with modern threat hunting practice. This course is designed for defenders who want to stay ahead of emerging threats by blending human intuition with machine-driven analytics. In an age of data overload it is not enough to rely on traditional rule-based detection alone. Defenders need modern data science tools and techniques to uncover hidden anomalies, detect behavioral patterns, and identify the subtle signals of compromise that are the foundation of effective threat hunting. This course equips you with those skills. Throughout the course you will dive into log analysis, threat hunting hypotheses, and machine learning models applied to real-world cybersecurity scenarios. You will gain hands-on experience with industry-standard tools such as Splunk and Jupyter Notebooks, enabling you to apply the techniques to live data and active threats in your own organization or in a structured training environment. Aligned with a practical model for conducting cyber threat hunting, the course is built for defenders who want to sharpen their hunting instincts and use data more effectively.
It is ideal for SOC analysts ready to move beyond alert triage, threat hunters seeking to uncover deeper behavioral patterns, blue team engineers building repeatable threat hunting workflows, and cybersecurity students eager to gain hands-on experience with a Security Information and Event Management (SIEM) platform such as Splunk and an analysis environment such as Jupyter. Learners should have a basic understanding of Python, familiarity with common log formats, and a solid grasp of core cybersecurity concepts. With these foundations in place, you will move comfortably into the data-driven workflows and hands-on threat hunting techniques explored throughout the course. By the end, you will understand the full threat hunting lifecycle and how machine learning strengthens hypothesis-driven investigations. You will be able to clean, enrich, and visualize raw telemetry; apply anomaly detection techniques such as Isolation Forest and DBSCAN; and design a complete ML-powered hunt in Splunk and Jupyter that surfaces suspicious behavior with clarity and confidence, building the core competencies expected of a skilled cyber threat hunter.

Syllabus

  • Course Introduction
    • In this course, you’ll learn how to combine threat hunting fundamentals with data science techniques to uncover hidden threats that traditional security tools often miss. You’ll work with real log data, build hunting hypotheses, and apply machine learning models to detect anomalies, behavioral patterns, and subtle signs of compromise across enterprise environments. Through guided instruction, hands-on labs, and practical examples using Splunk and Jupyter Notebooks, you’ll develop the skills to operationalize ML-powered threat hunts, strengthen detection workflows, and respond more effectively to advanced, evasive attackers.
  • Introduction to Industrial Threat Hunting
    • In this module, you’ll explore what threat hunting really means and why it has become essential for modern security teams. We’ll break down how hunters move beyond automated tools to search for hidden or unusual activity that may signal an active compromise. You’ll learn the core concepts, terminology, and frameworks that shape effective hunting, along with the mindset of assuming adversaries may already be inside your environment. By the end, you’ll understand why proactive hunting is critical for stopping attacks early, reducing impact, and strengthening your overall detection strategy.
  • Data Science for Cybersecurity
    • In this module, you’ll learn how data science strengthens modern threat hunting by helping you make sense of large, noisy security datasets. We’ll walk through the essentials of cleaning and shaping log data, visualizing behaviors, and building simple machine learning models to spot anomalies. You’ll get hands-on practice with Python tools like pandas, scikit-learn, and Jupyter Notebooks, and see how these techniques feed into SIEM platforms such as Splunk and Elastic. By the end, you’ll understand how data science supports faster detection, smarter investigations, and repeatable, automated hunting workflows.
  • ML Algorithms for Threat Detection
    • In this module, you’ll explore the unsupervised machine learning techniques that power modern anomaly detection in security environments. We’ll break down how models like Isolation Forest, DBSCAN, Z-Score Analysis, and One-Class SVM uncover unusual patterns without relying on labeled data. You’ll practice applying these algorithms to real-world scenarios such as suspicious logins, odd network traffic, and unusual system behavior. By the end, you’ll understand how these ML methods help you surface hidden threats that traditional rules often overlook.
  • Operationalizing in Splunk and Jupyter
    • In this module, you’ll learn how to turn machine learning models and analytical techniques into practical, repeatable threat-hunting workflows. We’ll walk through how to ingest and prepare data in Splunk, write SPL for clean feature inputs, and build detection notebooks that analyze and score events in Jupyter. You’ll also see how both platforms work together to run full end-to-end hunts, from data extraction to investigation. By the end, you’ll be able to operationalize ML-driven detections and apply them directly to real security telemetry.
  • Course Conclusion
    • In this wrap-up module, you’ll bring all your threat-hunting skills together by building a complete anomaly-based detection workflow using Splunk and Jupyter. This final project puts your log analysis, SPL queries, and ML techniques into practice, showing your ability to uncover hidden threats, visualize suspicious behavior, and map findings to ATT&CK. It’s your chance to demonstrate real-world readiness and apply everything you’ve learned across the course.
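The syllabus names Z-Score Analysis as one of the anomaly detection methods and a final project that scores log events and maps findings to ATT&CK. The following added example (written for this page, not course material from Starweaver or Coursera) shows the end-to-end shape of such a hunt in plain Python with only the standard library: parse constructed sshd-style auth lines, aggregate a per-source feature (failed-login count), score it with a z-score, and emit a finding tagged with an ATT&CK technique ID. It also shows a caveat a hunter runs into on small populations: a single large outlier inflates the mean and standard deviation enough that the classic z-score never crosses the usual threshold of 3 (its maximum is bounded by sqrt(n-1)), while the median/MAD-based modified z-score still flags it. The hostnames, usernames, IPs (203.0.113.42 is from the documentation range) and log lines are all constructed; the thresholds of 3.0 and 3.5 are conventional choices, not values from the course.

```python
"""Z-score hunt over constructed sshd auth logs (example only, not course code)."""
import re
import statistics
from collections import defaultdict

# Constructed sample telemetry: a normal morning on one bastion host, plus a
# password-spray burst from 203.0.113.42 ending in a successful login for "bob".
BASELINE_LINES = [
    "Jan 10 08:01:12 bastion sshd[1001]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2",
    "Jan 10 08:03:40 bastion sshd[1004]: Failed password for alice from 10.0.0.5 port 51030 ssh2",
    "Jan 10 08:04:02 bastion sshd[1004]: Accepted password for alice from 10.0.0.5 port 51030 ssh2",
    "Jan 10 08:15:55 bastion sshd[1010]: Accepted publickey for bob from 10.0.0.6 port 40211 ssh2",
    "Jan 10 09:20:17 bastion sshd[1022]: Accepted publickey for bob from 10.0.0.6 port 40390 ssh2",
    "Jan 10 09:31:09 bastion sshd[1031]: Failed password for carol from 10.0.0.7 port 60010 ssh2",
    "Jan 10 09:31:20 bastion sshd[1031]: Failed password for carol from 10.0.0.7 port 60010 ssh2",
    "Jan 10 09:31:33 bastion sshd[1031]: Accepted password for carol from 10.0.0.7 port 60010 ssh2",
    "Jan 10 10:02:44 bastion sshd[1040]: Failed password for dave from 10.0.0.8 port 33001 ssh2",
    "Jan 10 10:10:05 bastion sshd[1044]: Accepted publickey for erin from 10.0.0.9 port 45120 ssh2",
    "Jan 10 10:12:51 bastion sshd[1046]: Accepted publickey for frank from 10.0.0.10 port 45900 ssh2",
    "Jan 10 10:44:00 bastion sshd[1052]: Failed password for grace from 10.0.0.11 port 52000 ssh2",
]
SPRAY_USERS = ["admin", "root", "alice", "bob", "test"]  # constructed spray list
ATTACK_LINES = [
    f"Jan 10 11:00:{i:02d} bastion sshd[2000]: Failed password for "
    f"{SPRAY_USERS[i % len(SPRAY_USERS)]} from 203.0.113.42 port {40000 + i} ssh2"
    for i in range(20)
] + ["Jan 10 11:00:25 bastion sshd[2000]: Accepted password for bob from 203.0.113.42 port 40020 ssh2"]
LOG_LINES = BASELINE_LINES + ATTACK_LINES

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_auth(lines):
    """Turn raw lines into event dicts; lines that do not match are dropped."""
    return [m.groupdict() for m in map(AUTH_RE.match, lines) if m]


def features_by_source(events):
    """One feature row per source IP: failed count, users tried, success after failures."""
    rows = defaultdict(lambda: {"failed": 0, "users": set(), "success_after_fail": False})
    for ev in events:  # events are assumed to be in time order
        row = rows[ev["ip"]]
        if ev["result"] == "Failed":
            row["failed"] += 1
            row["users"].add(ev["user"])
        elif row["failed"] > 0:
            row["success_after_fail"] = True
    return rows


def classic_z_scores(values):
    """Standard z-score: distance from the mean in population standard deviations."""
    mean = statistics.fmean(values.values())
    sd = statistics.pstdev(values.values())
    return {k: 0.0 if sd == 0 else (v - mean) / sd for k, v in values.items()}


def robust_z_scores(values):
    """Modified z-score (Iglewicz and Hoaglin): median and MAD, scaled by 0.6745.

    The outlier cannot inflate the median or the MAD, so it is not masked.
    When the MAD collapses to 0 (most sources identical) fall back to the mean
    absolute deviation scaled by 1.2533, which equals sigma for normal data.
    """
    med = statistics.median(values.values())
    abs_dev = [abs(v - med) for v in values.values()]
    mad = statistics.median(abs_dev)
    if mad == 0:
        mean_ad = statistics.fmean(abs_dev)
        if mean_ad == 0:
            return {k: 0.0 for k in values}
        return {k: (v - med) / (1.2533 * mean_ad) for k, v in values.items()}
    return {k: 0.6745 * (v - med) / mad for k, v in values.items()}


def hunt(lines, threshold_classic=3.0, threshold_robust=3.5):
    """Return (sources flagged by classic z, findings keyed by source from robust z)."""
    rows = features_by_source(parse_auth(lines))
    failed = {ip: row["failed"] for ip, row in rows.items()}
    classic, robust = classic_z_scores(failed), robust_z_scores(failed)
    findings = {}
    for ip, z in robust.items():
        if z > threshold_robust:
            row = rows[ip]
            findings[ip] = {
                "failed": row["failed"],
                "distinct_users": len(row["users"]),
                "success_after_fail": row["success_after_fail"],
                "robust_z": round(z, 2),
                "classic_z": round(classic[ip], 2),
                # many accounts from one source points to spraying, one account to guessing
                "attack_technique": ("T1110.003 Password Spraying" if len(row["users"]) > 1
                                     else "T1110.001 Password Guessing"),
            }
    classic_hits = {ip for ip, z in classic.items() if z > threshold_classic}
    return classic_hits, findings


if __name__ == "__main__":
    hits, findings = hunt(LOG_LINES)
    print("classic z-score hits:", sorted(hits))
    for ip, finding in findings.items():
        print(ip, finding)
```

On this data the classic z-score of the attacking source is about 2.6, below the threshold of 3, because that one source pulls the mean to 3.1 and the standard deviation to 6.4; the modified z-score is about 12.8 and the source is reported with a success after 20 failures across five accounts. The `features_by_source` step is the part a hunter would normally do in the SIEM (for example with a `stats count by` aggregation in SPL over whatever field names the ingest assigns) before pulling the feature table into a notebook for scoring.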

Taught by

Archan Choudhury and Starweaver
