D4 · Operations

What is threat hunting?

Threat hunting proactively searches for threats that evaded automated detection — assuming compromise and actively hunting for IoCs and TTPs.
Threat hunting is proactive (you go looking), not reactive (waiting for alerts). It requires skilled analysts, rich telemetry, and the MITRE ATT&CK framework for hypothesis generation. The working assumption is that automated tools missed something, so the goal is to find it before the damage worsens.