Hunting
Hunting, also known as threat hunting, is a proactive cybersecurity technique where skilled security analysts actively search for unknown or undetected threats that have evaded automated security defenses. Unlike traditional reactive approaches that rely on alerts generated by security tools, hunting is a human-driven process in which analysts formulate hypotheses based on threat intelligence, anomalous behavior patterns, and knowledge of adversary tactics, techniques, and procedures (TTPs). Analysts systematically sift through network traffic, log data, and endpoint telemetry to uncover subtle indicators of compromise or attack.
The primary goal of hunting is to significantly reduce dwell time—the duration an attacker remains undetected within an environment—and to neutralize threats before they escalate into full-blown security incidents. As an iterative and continuous process, hunting strengthens an organization's overall cybersecurity posture by refining detection capabilities, uncovering gaps in automated defenses, and enhancing incident response readiness against increasingly sophisticated and evolving threats.
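The hypothesis-driven hunt described above, as an added Python example that is not part of the original page: a hunter starts from a hypothesis drawn from adversary TTPs (here, "an office application should not be launching a script interpreter"), stacks process-start telemetry to find parent/child pairs that are rare across the fleet, reviews the resulting leads, and estimates dwell time from the earliest lead to the moment the hunt confirmed it. The telemetry records, host names, users and process names below are constructed sample data, and the function names are this example's own.

```python
"""Hypothesis-driven hunt over constructed endpoint process-start telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data): one record per process start.
# Fields: ISO timestamp, host, user, parent process, child process.
TELEMETRY = [
    ("2024-03-01T09:02:11", "ws-01", "alice", "explorer.exe", "outlook.exe"),
    ("2024-03-01T09:05:40", "ws-01", "alice", "outlook.exe", "winword.exe"),
    ("2024-03-01T09:07:03", "ws-01", "alice", "winword.exe", "powershell.exe"),
    ("2024-03-01T09:07:05", "ws-01", "alice", "powershell.exe", "rundll32.exe"),
    ("2024-03-01T09:10:00", "ws-02", "bob", "explorer.exe", "outlook.exe"),
    ("2024-03-01T09:12:31", "ws-02", "bob", "outlook.exe", "winword.exe"),
    ("2024-03-01T09:13:00", "ws-02", "bob", "explorer.exe", "chrome.exe"),
    ("2024-03-01T09:15:00", "ws-03", "carol", "explorer.exe", "chrome.exe"),
    ("2024-03-01T09:16:00", "ws-03", "carol", "explorer.exe", "outlook.exe"),
    ("2024-03-01T09:20:00", "ws-04", "dave", "explorer.exe", "winword.exe"),
    ("2024-03-01T09:21:00", "ws-05", "erin", "explorer.exe", "winword.exe"),
    ("2024-03-01T09:22:00", "ws-05", "erin", "explorer.exe", "chrome.exe"),
    ("2024-03-02T10:00:00", "ws-01", "alice", "powershell.exe", "rundll32.exe"),
]


def parse(records):
    """Turn raw tuples into dicts with a real datetime, so they can be sorted and compared."""
    return [
        {"ts": datetime.fromisoformat(ts), "host": h, "user": u, "parent": p, "child": c}
        for ts, h, u, p, c in records
    ]


def stack_parent_child(events):
    """Stacking: count on how many distinct hosts each parent->child pair was observed.

    Pairs present on most of the fleet are baseline; pairs present on one or two
    hosts are the anomalies a hunter pivots into.
    """
    hosts_per_pair = defaultdict(set)
    for e in events:
        hosts_per_pair[(e["parent"], e["child"])].add(e["host"])
    return {pair: len(hosts) for pair, hosts in hosts_per_pair.items()}


def rare_pairs(events, max_hosts=1):
    """Return parent->child pairs seen on at most `max_hosts` hosts, sorted for stable output."""
    return sorted(pair for pair, n in stack_parent_child(events).items() if n <= max_hosts)


def hunt_office_spawning_script_host(events):
    """Hypothesis check: an office application launching a script interpreter.

    The process name sets are an assumption of this example. Matches are leads
    for analyst review, not verdicts.
    """
    office = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
    script_hosts = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
    return [e for e in events if e["parent"] in office and e["child"] in script_hosts]


def hosts_with_leads(events):
    """Group hunt leads by host so the hunter knows where to pivot next."""
    by_host = defaultdict(list)
    for e in hunt_office_spawning_script_host(events):
        by_host[e["host"]].append(e)
    return dict(by_host)


def dwell_time(events, confirmed_at):
    """Estimate dwell time: earliest confirmed lead to the moment the hunt confirmed it.

    Returns None when the hypothesis produced no leads.
    """
    leads = hunt_office_spawning_script_host(events)
    if not leads:
        return None
    return confirmed_at - min(e["ts"] for e in leads)


if __name__ == "__main__":
    evs = parse(TELEMETRY)
    print("rare parent->child pairs:", rare_pairs(evs))
    for host, leads in hosts_with_leads(evs).items():
        print(f"leads on {host}:", [(e["parent"], e["child"], e["ts"].isoformat()) for e in leads])
    print("dwell time:", dwell_time(evs, datetime(2024, 3, 3, 8, 0, 0)))
```

Stacking deliberately returns anything rare, so an unusual but legitimate pair can surface as a lead; the hypothesis check narrows the set to what the TTP actually predicts, and only analyst review turns a lead into a finding. Once confirmed, the hypothesis check is exactly the logic that gets promoted into an automated detection, which is how a hunt refines detection capability rather than ending with the one incident.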