The McAfee Advanced Cyber Threat Services (McAfee ACTS, formerly Foundstone) Forensics and Incident Response Threat Hunting (FIRE-TH) course examines the basic skills of proactive threat hunting, as opposed to reactive defensive security. The French author Marcel Proust wrote, “The real voyage of discovery consists not in seeking new landscapes, but in having new eyes.” Many organizations have SIEM technology and a variety of detection points generating millions, if not billions, of alerts per day. SOC analysts spend their time trying to stave off this tidal wave of data and identify the key alerts indicative of an incident, be it a breach, malware outbreak, or adversary. The goal of this course is to provide the student with the skills and tools to hunt effectively with that data and pivot off of it to rapidly identify anomalies, spot attacks flying under the radar, and assist in triage. Students should be able to assist incident responders and malware analysts with identifying potential indicators of compromise (IOCs) in application, endpoint, and network data.