diff --git a/hunts/beacon_detection_via_intra_request_time_deltas.md b/hunts/beacon_detection_via_intra_request_time_deltas.md index 4d9c111..d99e6ac 100644 --- a/hunts/beacon_detection_via_intra_request_time_deltas.md +++ b/hunts/beacon_detection_via_intra_request_time_deltas.md @@ -20,3 +20,5 @@ Malware C2 often utilizes regular request intervals ("beacons") to maintain cont - [Detecting Malware Beacons Using Splunk](http://pleasefeedthegeek.wordpress.com/2012/12/20/detecting-malware-beacons-using-splunk/) - [Tweet by @jackcr](https://twitter.com/jackcr/status/747786867093946368) + +- [How to (systematically) detect beaconing traffic with Splunk?](https://github.com/inodee/threathunting-spl/blob/master/hunt-queries/Detecting_Beaconing.md)
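Review bot: the empty `+` line added between the `@jackcr` tweet link and the new entry puts a blank line inside what was a tight reference list, which in CommonMark-style renderers turns the list loose and changes its spacing. Drop the blank line so the new bullet sits directly under the existing two. The added link also points at `blob/master`, which moves with the branch. A commit permalink would keep the reference resolving if the target file is later renamed or rewritten.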