What is Threat Hunting?

Cyber threat hunting is a proactive threat detection method. The process involves actively looking for traces of cyber attacks (past and present) in an IT environment. Cyber threat hunters are security professionals who proactively and iteratively detect and act on advanced attack traces before any alerts are generated by security controls.

This contrasts with traditional defensive or preventative measures where the protector investigates data only after a threat indication has been made. A cyber threat hunter should demonstrate both analytical and creative skills, and could benefit from a strong understanding of adversary cyber tactics, techniques and procedures (TTP’s).

Threat Hunting with Hunters XDR

Hunters provides an easy-to-use platform that helps users augment their intuition by allowing them to tackle threat hunting in a structured manner.

Threat hunters can implement and automate their hunting theses with a consolidated threat hunting platform. Hunters XDR provides threat hunting teams with guided investigations supported by off-the-shelf scoring and correlation, which surface Attack Stories that could otherwise go undetected. The XDR platform also connects the organization’s own detection logics into Hunters’ proprietary graph of related entities, alerts and threat signals.

Using one interface, threat hunters can detect weak signals across the entire security environment and easily investigate them using the intuitive search capabilities of the platform, eliminating the pain of context-switching. There's no need for advanced rule-writing or manual correlations (although if threat hunters want to, these are enabled by Hunters XDR). All of this simplifies the hunting process and also enables analysts and other security team employees to engage in hunting activity.

How to Create an Effective Threat Hunting Workflow

  • Choose a Hunting Domain
    Since Hunters XDR seamlessly ingests both raw data as well as alerts and signals from any telemetry source, threat hunters can easily access all of that data from the Hunters portal: endpoint, cloud, network, email, identity, etc.
  • Create a List of Signals
    Hunters XDR gathers all threat signals and alerts generated by security products as well as the ones generated by Hunters’ own detections for various sources. All of these signals and alerts are grouped by detection type and listed with their relevant score and associated context.
  • Pick a Group of Signals to Focus on and Investigate Further
    Easily investigate signals by using Hunters' auto-investigations for enhanced context, and run drill-downs on relevant signals as needed. Additionally, threat hunters can use the ‘Entity Search’ feature to look for any entity in the environment and understand its associated leads and further qualification.
  • Escalate Signals and Alerts for Response and Remediation
    Once the investigation has concluded, threat hunters can decide whether or not to escalate the threat signal or alert and promote it to an incident for remediation.

Recommended Resources


How to Easily Attain a Threat Hunting Lifecycle with Hunters XDR

Watch Hunters’ Head of Research Or Wilder present at Siemplify’s SOCstock event, where you will learn how you can easily include threat hunting techniques on your every day SOC work.


Hunt for the Next Supply Chain Attack - Episode 4 of Hands-On Security by Hunters, feat. Amit Serper

This episode will discuss the impact of the latest REvil ransomware, and possible mitigations. It will also discuss different tactical and technical thesis on how to hunt for the next attack in your organization.


The Importance of Threat Hunting Automation for XDR

Hunters and Cybersecurity Insiders conducted in-depth research on threat hunting in SOC detection and response to gain deeper insights into the evolution of the XDR security practice.

Want to learn more? Get a custom demo