Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.



Document Name: NCSA Cyber Threat Hunting Program
Version: 0.9
Accountable: James Eyrich
Authors: James Eyrich and Adam Slagell

Reviewed: June 24, 2021
Approved:   pending IIB approval  


In addition to the use of Qualysguard for vulnerability management of production systems, the NCSA Incident Response and Security Team performs active threat hunting on the entire NCSAnet to detect misconfigurations, system that are not compliant with University policies, and general system weaknesses. The goals of this program are (1) to detect issues more broadly for all networked assets and (2) to investigate more deeply than simple checklists for NCSA's most critical infrastructure.


The security team is not the owner of risks, and sometimes neither is the system operator. When problems are identified that are not simple policy compliance, IRST will make recommendations for remediation. For simple issues this may just be a single ticket, and for more complex issues it may require meetings and a remediation plan from the service operator. Significant risks will also be raised to the Security Office when the attention of senior management is appropriate.