{"id":10691,"date":"2025-10-03T07:11:59","date_gmt":"2025-10-03T11:11:59","guid":{"rendered":"https:\/\/netwitnessdev.wpenginepowered.com\/?post_type=glossary&p=10691"},"modified":"2026-01-07T09:14:40","modified_gmt":"2026-01-07T14:14:40","slug":"cyber-threat-hunting","status":"publish","type":"glossary","link":"https:\/\/www.netwitness.com\/it\/cyber-glossary\/cyber-threat-hunting\/","title":{"rendered":"Cyber Threat Hunting"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

What is Cyber Threat Hunting?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses.<\/span><\/p>

After sneaking in, an attacker can stealthily remain in a network for months as they quietly collect data, look for confidential material, or obtain login credentials that will allow them to move laterally across the environment.<\/span><\/p>

Once an adversary is successful in evading detection and an attack has penetrated an organization\u2019s defenses, many organizations lack the advanced detection capabilities needed to stop advanced persistent threats from remaining in the network. That\u2019s why <\/span>proactive threat hunting<\/span><\/b> is an essential component of any defense strategy.<\/span><\/p>

Cyber threat hunting tools<\/span><\/b> are becoming increasingly important as companies seek to stay ahead of the latest cyber threats and rapidly respond to any potential attacks.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t\t

Synonyms<\/h2>\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\tProactive Threat Hunting<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\tSecurity Hunting<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\tAdversary Hunting<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t
  • \n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\tHypothesis-driven Hunting<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t

    What Are Cyber Threat Hunting Methodologies?<\/h3>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Threat hunters assume that adversaries are already in the system, and they <\/span>initiate<\/span> investigation to find unusual behavior that may <\/span>indicate<\/span> the presence of malicious activity. In <\/span><\/span>cyber security threat hunting<\/span><\/span>, this initiation of investigation typically falls into three main categories:<\/span><\/span><\/p>

    1. Hypothesis-driven Investigation<\/span><\/b><\/h3>

    Hypothesis-driven investigations are often triggered by a new threat that\u2019s been identified through a large pool of crowdsourced attack data, giving insights into attackers\u2019 latest tactics, techniques, and procedures (TTP). Once a new TTP has been identified, <\/span>threat hunters<\/span><\/b> will then look to discover if the attacker\u2019s specific behaviors are found in their own environment.<\/span>\u00a0<\/span><\/p>

    2. Investigation based on known Indicators of Compromise (IoCs)or Indicators of Attack<\/span><\/b><\/h3>

    This approach involves leveraging tactical threat intelligence to catalog known IOCs and IOAs associated with new threats. These then become triggers that <\/span>cyber threat hunters<\/span><\/b> use to uncover potential hidden attacks or ongoing malicious activity.<\/span>\u00a0<\/span><\/p>

    3. Advanced Analytics and Machine Learning Investigations<\/span><\/b><\/h3>

    \u00a0The third approach combines powerful data analysis and machine learning to sift through massive information in order to detect irregularities that may suggest potential malicious activity. These anomalies become <\/span>threat hunting leads<\/span><\/b> that are investigated by skilled analysts to identify stealthy threats.<\/span><\/p>

    All three approaches are human-powered efforts that combine threat intelligence resources with <\/span>threat hunting tools<\/span><\/b> to proactively protect an organization\u2019s systems and information.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t\t

    What Are the Steps in the Cyber Threat Hunting Process?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    The process of <\/span>threat hunting in cyber security<\/span><\/b> typically involves three steps: a trigger, an investigation, and a resolution.<\/span>\u00a0<\/span><\/p>

    Step 1: The Trigger<\/span><\/b>\u00a0<\/span><\/h3>

    A trigger points threat hunters to a specific system or area of the network for further investigation when <\/span>advanced cyber threat hunting tools<\/span><\/b> identify unusual actions that may indicate malicious activity. Often, a hypothesis about a new threat can be the trigger for proactive hunting. For example, a security team may search for advanced threats that use tools like fileless malware to evade existing defenses.<\/span>\u00a0<\/span><\/p>

    Step 2: Investigation<\/span><\/b>\u00a0<\/span><\/h3>

    During the investigation phase, the <\/span>cyber threat hunter<\/span><\/b> uses technology such as EDR (Endpoint Detection and Response) to take a deep dive into potential malicious compromise of a system. The investigation continues until either the activity is deemed benign or a complete picture of the malicious behavior has been created.<\/span>\u00a0<\/span><\/p>

    Step 3: Resolution<\/span><\/b>\u00a0<\/span><\/h3>

    The resolution phase involves communicating relevant malicious activity intelligence to operations and security teams so they can respond to the incident and mitigate threats. The data gathered about both malicious and benign activity can be fed into automated technology to improve its effectiveness without further human intervention.<\/span>\u00a0<\/span><\/p>

    Throughout this process, <\/span>threat hunters<\/span><\/b> gather as much information as possible about an attacker\u2019s actions, methods, and goals. They also analyze collected data to determine trends in an organization\u2019s security environment, eliminate current vulnerabilities, and make predictions to enhance security in the future.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t\t

    Where Does Threat Hunting Fit Into Cyber Security?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Threat hunting<\/span><\/b> is highly complementary to the standard process of incident detection, response, and remediation. As security technologies analyze raw data to generate alerts, <\/span>proactive threat hunting<\/span><\/b> works in parallel \u2013 using queries and automation \u2013 to extract <\/span>threat hunting leads<\/span><\/b> from the same data.<\/span>\u00a0<\/span><\/p>

    Threat hunting tools<\/span><\/b> then help human threat hunters analyze these leads, identify adversary activity, and feed insights into the response pipeline.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t\t

    Should You Consider Managed Threat Hunting?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Although the concept of threat hunting is clear, the challenge comes with sourcing personnel who can conduct the exercise properly. The best <\/span>cyber threat hunters<\/span><\/b> are those that are battle-tested with ample experience in combating cyber adversaries.<\/span><\/p>

    Unfortunately, there is a major skills shortage in cybersecurity, meaning seasoned hunters don\u2019t come cheap. That\u2019s why many organizations turn to <\/span>managed threat hunting<\/span><\/b> services, which can deliver deep expertise and 24×7 vigilance at a more affordable cost.<\/span>\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t\t

    What Is Required to Start Threat Hunting? <\/h2>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    A top <\/span>threat hunting service<\/span><\/b> takes a three-pronged approach to attack detection. Along with skilled security professionals, it includes two other components necessary for successful <\/span>cyber threat hunting<\/span><\/b>:<\/span>\u00a0<\/span><\/p>

    1. Human Capital<\/span><\/b><\/h3>

    Every new generation of security technology can detect a greater number of advanced threats \u2014 but the most effective detection engine is still the human brain. Automated detection is predictable, and attackers develop techniques to bypass or hide from automated tools. <\/span>Threat hunters<\/span><\/b> are critical in identifying sophisticated attacks and responding effectively.<\/span>\u00a0<\/span><\/p>

    2. A Wealth of Data<\/span><\/b><\/h3>

    Services must gather and store granular system events to provide absolute visibility into endpoints and network assets. Scalable cloud infrastructure allows aggregation and real-time analysis of large datasets.<\/span>\u00a0<\/span><\/p>

    3. Threat Intelligence<\/span><\/b><\/h3>

    A robust <\/span>cyber threat hunting framework<\/span><\/b> cross-references internal data with the latest external threat intelligence to effectively analyze and correlate malicious actions.<\/span>\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t\t

    Related Terms & Synonyms<\/h2>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t
    • Cyber Security Threat Hunting<\/span>\u00a0<\/span><\/li>
    • Threat Hunting in Cyber Security<\/span>\u00a0<\/span><\/li>
    • Proactive Threat Hunting<\/span>\u00a0<\/span><\/li>
    • Managed Threat Hunting<\/span>\u00a0<\/span><\/li>
    • Cyber Threat Hunter<\/span>\u00a0<\/span><\/li>
    • Threat Hunting Framework<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
      \n\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      People Also Ask<\/h2>\t\t\t\t<\/div>\n\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t\n\t\t\t\t\t

      1. What is threat hunting? <\/h3><\/span>\n\t\t\t\t\t\t\t\n\t\t\t<\/path><\/path><\/g><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<\/path><\/path><\/g><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t
      \n\t\t
      \n\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      Thr<\/span>e<\/span>at hunting in cybersecurity means p<\/span>roactively searching for hidden cyber threats using skilled analysts and threat hunting tools.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t

      \n\t\t\t\t\n\t\t\t\t\t

      2. How to configure a network for network security threat hunting? <\/h3><\/span>\n\t\t\t\t\t\t\t\n\t\t\t<\/path><\/path><\/g><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<\/path><\/path><\/g><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t
      \n\t\t
      \n\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      Ensure endpoint and network visibility, centralize logs, and use detection tools with threat intelligence for effective hunting.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t

      \n\t\t\t\t\n\t\t\t\t\t

      3. What is threat intelligence? <\/h3><\/span>\n\t\t\t\t\t\t\t\n\t\t\t<\/path><\/path><\/g><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<\/path><\/path><\/g><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t
      \n\t\t
      \n\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      Threat intelligence refers involves getting <\/span>information<\/span> on attacker tactics and indicators that <\/span>help<\/span> identify<\/span> and respond to threats.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

      What is Cyber Threat Hunting? Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses. After sneaking in, an attacker can stealthily remain in a network […]<\/p>\n","protected":false},"featured_media":0,"template":"","class_list":["post-10691","glossary","type-glossary","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.netwitness.com\/it\/wp-json\/wp\/v2\/glossary\/10691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.netwitness.com\/it\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/www.netwitness.com\/it\/wp-json\/wp\/v2\/types\/glossary"}],"version-history":[{"count":0,"href":"https:\/\/www.netwitness.com\/it\/wp-json\/wp\/v2\/glossary\/10691\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.netwitness.com\/it\/wp-json\/wp\/v2\/media?parent=10691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}