Checking network traffic at night, checking hashes for known processes running, looking for suspicious processes, registry indicators... these are all basic thing that can be very easily adjusted to each individual environment

if you just want generic stuff i’d recommend https://github.com/hunters-forge/ThreatHunter-Playbook

@AoS did you look into the playbook? I am curious to learn what you've implemented. I'm trying to inventory production use cases.

Is there a Linux Threat hunting playbook? Or a dataset of Linux-specific malware similar to … https://github.com/endgameinc/ember

I’ve developed many custom/internal things but nothing public afaik.