Threat hunting with SaltOpen

Introduction

The SaltStack platform is an open-source, Python-based configuration management tool. Using Salt, developers and system administrators can better manage their infrastructure and deploy code and configuration changes.

In this article we'll be running SaltOpen, the open-source version of Salt Enterprise, to see how both the master and minion installations can be used by threat hunting teams to perform various threat hunting functions.

Overview of Salt

Salt's functionality is organized into six module types, which determine the actions a Salt user can carry out. They include:

- Execution modules: These represent functions that are available for direct execution from the remote execution engine
- State modules: These make up the back end for the Salt configuration management system
- Grains: These detect static information about a system
- Render modules: These make it possible to render information to the Salt state system
- Returners: These manage arbitrary return locations
- Runners: These are master-side convenience applications which are executed by the salt-run command

Initial setup and first run
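As a first-run exercise once a master and at least one minion are installed, the following is an added example of a custom execution module of the kind listed above; it is not code from the article or from the Salt project. A file like this is placed in the master's `_modules/` directory (e.g. `salt://_modules/hunt.py`), pushed with `salt '*' saltutil.sync_modules`, and then callable as `hunt.<function>`. The module name `hunt`, the function names and the sample IoC hash are all assumptions; the module deliberately uses only the standard library so the functions can also be exercised outside Salt.

```python
"""hunt.py: assumed name for a custom Salt execution module used for threat hunting.

Salt loads the module on each minion; every public function becomes a remote
target, e.g.  salt '*' hunt.match_iocs /opt '["<sha256>"]'
"""
import hashlib
import os
import stat
import tempfile

# Name under which Salt exposes this module (hunt.<function>).
__virtualname__ = "hunt"


def __virtual__():
    # Load unconditionally; a production module would gate on OS or tooling here.
    return __virtualname__


def _sha256(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries do not land in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def file_hashes(root, max_files=10000):
    """Return {path: sha256} for regular files under root (capped at max_files)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if stat.S_ISREG(os.lstat(path).st_mode):
                    out[path] = _sha256(path)
            except OSError:
                continue  # unreadable or vanished mid-walk: skip, do not abort the hunt
            if len(out) >= max_files:
                return out
    return out


def match_iocs(root, hashes):
    """Return the files under root whose SHA-256 is in `hashes` (case-insensitive)."""
    wanted = {h.lower() for h in hashes}
    return {p: h for p, h in file_hashes(root).items() if h in wanted}


def suid_binaries(root):
    """Return regular files under root with the setuid or setgid bit set."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found.append(path)
    return sorted(found)


def demo():
    """Constructed fixture: build a throwaway tree and run the three hunts on it."""
    root = tempfile.mkdtemp()
    benign = os.path.join(root, "good.txt")
    suspect = os.path.join(root, "sub", "bad.bin")
    os.makedirs(os.path.dirname(suspect))
    with open(benign, "wb") as fh:
        fh.write(b"hello")
    with open(suspect, "wb") as fh:
        fh.write(b"constructed-sample-not-real-malware")
    os.chmod(suspect, 0o4755)  # give the sample a setuid bit for suid_binaries()
    ioc = _sha256(suspect)  # stand-in for a real indicator from a threat feed
    return {
        "count": len(file_hashes(root)),
        "hello": file_hashes(root)[benign],
        "ioc": ioc,
        "matches": list(match_iocs(root, [ioc.upper()]).values()),
        "suid": [os.path.relpath(p, root) for p in suid_binaries(root)],
    }


if __name__ == "__main__":
    print(demo())
```

Returning plain dicts and lists matters: Salt serializes the return value of an execution module and hands it to a returner, so results from `salt '*' hunt.match_iocs ...` can be shipped to a database or SIEM unchanged. The `max_files` cap and the per-file `OSError` handling keep one hung or unreadable path from stalling a fleet-wide hunt.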

Installation of Salt Open is a pretty straightforward process; a good guide to it can be found here. In our case,

Read More: https://resources.infosecinstitute.com/topic/threat-hunting-with-saltopen/