“Hunting – Responsibility-accountability-

consulted-information (RACI) Matrix”

Hunting Request

Trigger Events: One of the following reactive or

proactive triggers will prompt the initiation of the
Hunting request process:

RACI
Cyber Threat Intelligence: IOCs provided by the CTI
function identify internally/externally sourced, for
example, Communities of Interest (CoI), Government
Input Partners, Law Enforcement, etc.
Business Case Development: Feedback on a rule
creation request received by the business case
development process where it is determined that a
hunt would be appropriate based upon input.
Incident Response: IOCs provided by an IR function as
part of, or resulting from, incident response activities.

Responsible for analyzing the

Hunting Hunt request and determining
R Team
whether appropriate details
have been received to
evaluate the request.

Accountable to ensure that

Hunting the Hunt request is given
RACI A Team Lead proper consideration and
analysis.

Consulted to provide
Trigger
C Source(s)
detailed context regarding
the hunt.

Trigger Informed of the next stage

I of analysis.
Source(s)

Hunting teams analyze a Hunt request made by the trigger

Details source(s) and determines if there is appropriate information
to evaluate the Hunt request.

Output Hunting request requiring evaluation.

Info@Securemind.se| +46 722 807675 www.SecureMind.se Wadmansgatan 13, Gothenburg 412 35