<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Detection Engineering - Predefender Threat Hunt Book</title><link>https://huntbook.predefender.com/part-6/index.html</link><description>The signal is often already there. The hard part is learning how to see it.
– Roger C.B. Johnsen</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 28 Jun 2026 12:51:29 +0200</lastBuildDate><atom:link href="https://huntbook.predefender.com/part-6/index.xml" rel="self" type="application/rss+xml"/><item><title>Hunter to Detection</title><link>https://huntbook.predefender.com/part-6/hunter-to-detection/index.html</link><pubDate>Sun, 28 Jun 2026 12:51:29 +0200</pubDate><guid>https://huntbook.predefender.com/part-6/hunter-to-detection/index.html</guid><description>Author: Roger C.B. Johnsen
Introduction There are findings in threat hunting that most organizations treat as the end of the investigation. A suspicious process. An unusual command line. A strange authentication pattern. A tool found on disk. The list goes on. The case gets scoped, the immediate risk is handled and everyone moves on.
But for a threat hunter, a finding should not only answer what happened. It should create a better question: how would we find this again?</description></item></channel></rss>