D8 · CySA+

What are threat hunting tools?

Threat hunting tools: SIEM (log-based hunting), EDR (endpoint telemetry), Velociraptor (open-source DFIR/hunt), OSQuery (SQL-based endpoint querying), YARA (file/memory pattern matching).
OSQuery exposes endpoint state as SQL tables, e.g. SELECT * FROM processes WHERE name LIKE '%mimikatz%'. Velociraptor collects forensic artifacts from endpoints at scale. ELK + OSQuery = powerful open-source hunting platform. Hypothesis-driven hunts use these tools to test specific assumptions about attacker behavior.