Just finished watching the YouTube video of Mark's presentation. He introduces two of the tools he created for threat hunting.
First, he introduces APIify, which makes anything queryable by a SIEM and is used to automate the first few steps of every investigation. Second is Domain Stats 2.0, which caches those whois requests for the SIEM.
Links:
- https://github.com/MarkBaggett/apiify