Introducing… The Threat Hunter’s Cookbook!

Key Takeaways

  • The security experts on the SURGe team have released The Threat Hunter’s Cookbook, a hands-on guide for security practitioners that features actionable insights into threat hunting methods, ready-to-use queries, and more.
  • SURGe will be signing limited-edition hard copies of the book during Black Hat.
  • Those interested in learning more about The Threat Hunter’s Cookbook can hear from the authors during an upcoming live webinar and at .conf25.

Welcome, Chefs! Today we are excited to announce the release of The Threat Hunter’s Cookbook: a practitioner’s guide to learning, expanding, and applying your analysis repertoire for threat hunting. In this kitchen, our main ingredient is data!

Take the Next Step in Your Threat Hunting Journey

Based on the work of dozens of experts across Splunk, and written by the co-creators of The PEAK Threat Hunting Framework, this book is meant to help you take the next step in your threat hunting journey by addressing the black box of the ‘analysis’ step in your workflow. The book organizes and provides transparency to threat hunting methods — like “searching and filtering,” “sorting and stacking,” “clustering,” “grouping,” and more — through a fun, cookbook-style publication, ripe with cooking metaphors, Chef’s Pro Tips, and (hunting) recipes!

With so many ways to kick off a hunt, it can be hard to select the best approach. And even if you have tried-and-true ways for hunting, this can ultimately cap the ceiling of your potential results — and limit the chance to select the best approach for the hunt.

In addition to providing an organization and overview of the top hunting methods, The Threat Hunter's Cookbook features built-in guides, which tie back to our PEAK terminology, to help you select the optimal approach for every hunt.

From there, we offer specific recipes that take on a problem-solution-discussion format to help you learn, apply, and understand the fundamentals needed to become an SPL master chef.

Get Your Copy of The Threat Hunter’s Cookbook

As we’ve learned from PEAK (winner of the 2024 SANS Difference Makers award for Innovation of the Year), hunting is key to driving the continuous improvement of your knowledge, and in turn, your security. More creative and effective hunting is the way to accelerate and optimize this process — so don’t wait any longer, let’s get cooking!

To get started, download a copy of The Threat Hunter’s Cookbook, and if you can, join us at one of our special Cookbook events! We’ll be:

Bon appétit, and happy hunting!

/en_us/blog/fragments/the-peak-threat-hunting-framework
Style
two-column

Related Articles

Predicting Cyber Fraud Through Real-World Events: Insights from Domain Registration Trends
Security
12 Minute Read

Predicting Cyber Fraud Through Real-World Events: Insights from Domain Registration Trends

By analyzing new domain registrations around major real-world events, researchers show how fraud campaigns take shape early, helping defenders spot threats before scams surface.
When Your Fraud Detection Tool Doubles as a Wellness Check: The Unexpected Intersection of Security and HR
Security
4 Minute Read

When Your Fraud Detection Tool Doubles as a Wellness Check: The Unexpected Intersection of Security and HR

Behavioral analytics can spot fraud and burnout. With UEBA built into Splunk ES Premier, one data set helps security and HR reduce risk, retain talent, faster.
Splunk Security Content for Threat Detection & Response: November Recap
Security
1 Minute Read

Splunk Security Content for Threat Detection & Response: November Recap

Discover Splunk's November security content updates, featuring enhanced Castle RAT threat detection, UAC bypass analytics, and deeper insights for validating detections on research.splunk.com.
Security Staff Picks To Read This Month, Handpicked by Splunk Experts
Security
2 Minute Read

Security Staff Picks To Read This Month, Handpicked by Splunk Experts

Our Splunk security experts share their favorite reads of the month so you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.
Behind the Walls: Techniques and Tactics in Castle RAT Client Malware
Security
10 Minute Read

Behind the Walls: Techniques and Tactics in Castle RAT Client Malware

Uncover CastleRAT malware's techniques (TTPs) and learn how to build Splunk detections using MITRE ATT&CK. Protect your network from this advanced RAT.
AI for Humans: A Beginner’s Field Guide
Security
12 Minute Read

AI for Humans: A Beginner’s Field Guide

Unlock AI with the our beginner's field guide. Demystify LLMs, Generative AI, and Agentic AI, exploring their evolution and critical cybersecurity applications.
Splunk Security Content for Threat Detection & Response: November 2025 Update
Security
5 Minute Read

Splunk Security Content for Threat Detection & Response: November 2025 Update

Learn about the latest security content from Splunk.
Operation Defend the North: What High-Pressure Cyber Exercises Teach Us About Resilience and How OneCisco Elevates It
Security
3 Minute Read

Operation Defend the North: What High-Pressure Cyber Exercises Teach Us About Resilience and How OneCisco Elevates It

The OneCisco approach is not about any single platform or toolset; it's about fusing visibility, analytics, and automation into a shared source of operational truth so that teams can act decisively, even in the fog of crisis.
Data Fit for a Sovereign: How to Consider Sovereignty in Your Digital Resilience Strategy
Security
5 Minute Read

Data Fit for a Sovereign: How to Consider Sovereignty in Your Digital Resilience Strategy

Explore how digital sovereignty shapes resilient strategies for European organisations. Learn how to balance control, compliance, and agility in your data infrastructure with Cisco and Splunk’s flexible, secure solutions for the AI era.
/en_us/blog/fragments/about-splunk
/en_us/blog/fragments/subscribe-footer