GitHub: anpa1200/threat-hunting-hypotheses
# threat-hunting-hypotheses
Structured hunting hypotheses extracted from CTI and threat-hunting research.
Each hypothesis includes data sources, query logic, false-positive notes, ATT&CK mapping, and references.
## Structure
```
threat-hunting-hypotheses/
├── hypotheses/
│   └── TH-0001-example.md
├── queries/
│   ├── splunk/
│   ├── kql/
│   └── sigma/
└── references/
```
## First Seed
Seed the first hypotheses from these sources:
- Endpoint Threat Hunting.
- Protocol-Level Network Threat Hunting.
- Threat Hunting with the Pyramid of Pain.
- Single-Event Detection Rules.
- Correlation-Based Detection Rules.
## Flagship Milestone
This becomes a flagship when it has 25 validated hypotheses with Splunk, KQL, Sigma, false-positive notes, and ATT&CK mapping.
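An added example (not part of this repository) that lints hypothesis cards against the milestone criteria above and the per-hypothesis fields listed in the intro. It assumes a card layout the README does not define: `## ` headings named after each required field, and a query file per platform under `queries/<platform>/TH-NNNN.*`; the sample card is constructed.

```python
import re
from pathlib import Path

# Assumed layout (not defined by the repo): '## ' headings per field; queries/<platform>/TH-NNNN.* per query.
REQUIRED = ("Data Sources", "Query Logic", "False Positives", "ATT&CK Mapping", "References")
PLATFORMS = ("splunk", "kql", "sigma")
ATTACK_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")  # T1003 or T1003.001
MILESTONE = 25  # validated cards needed for the flagship milestone

# Constructed sample card, not taken from the repository.
SAMPLE_CARD = """## Data Sources
Sysmon Event ID 10 (ProcessAccess)
## Query Logic
TargetImage ends with lsass.exe and SourceImage is not a signed binary
## False Positives
EDR and AV scanners open LSASS routinely; allowlist by signer, not by path
## ATT&CK Mapping
T1003.001 OS Credential Dumping: LSASS Memory
## References
internal hunt notebook
"""

def parse_sections(text):
    """Split markdown on '## ' headings into {heading: body}."""
    parts = re.split(r"^## (.+)$", text, flags=re.M)  # ['', h1, body1, h2, body2, ...]
    return {parts[i].strip(): parts[i + 1].strip() for i in range(1, len(parts), 2)}

def check_card(text, query_platforms):
    """Return the list of problems; an empty list means the card is validated."""
    sections = parse_sections(text)
    problems = [f"missing or empty section: {s}" for s in REQUIRED if not sections.get(s)]
    if sections.get("ATT&CK Mapping") and not ATTACK_ID.search(sections["ATT&CK Mapping"]):
        problems.append("ATT&CK Mapping has no technique ID")
    problems += [f"no {p} query" for p in PLATFORMS if p not in query_platforms]
    return problems

def milestone_report(repo_root):
    """Walk hypotheses/ and queries/; return (milestone_reached, validated, {hyp_id: problems})."""
    root = Path(repo_root)
    results = {}
    for card in sorted((root / "hypotheses").glob("TH-*.md")):
        hyp_id = "-".join(card.stem.split("-")[:2])  # TH-0001-example -> TH-0001
        have = {p for p in PLATFORMS if any((root / "queries" / p).glob(hyp_id + "*"))}
        results[hyp_id] = check_card(card.read_text(encoding="utf-8"), have)
    validated = sum(not v for v in results.values())
    return validated >= MILESTONE, validated, results
```

Run `milestone_report(".")` from the repository root to see which cards still block the milestone and why.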