Proactively Hunt and Create Custom Detections using Advanced Hunting in XDR

Implementation Effort: Medium – Requires security teams to develop queries and maintain custom detection rules, involving ongoing tuning and investigation cycles.

User Impact: Low – This is an analyst-driven backend task; no user involvement or awareness is required.

Overview

Advanced hunting is a tool for exploring up to 30 days of raw data. It lets you inspect events across your network to find threat indicators and the entities involved. The tool gives flexible access to that data for hunting both known and potential threats. You can also create custom detection rules that automatically check for, and respond to, suspected breaches, misconfigurations, and other issues. Such proactive detections can significantly reduce mean time to detect (MTTD) and mean time to respond (MTTR) by surfacing threats before they escalate, enabling faster remediation and continuous improvement of your threat detection posture.
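As an added illustration (not part of the original page), the query below is shaped so it can be saved as a custom detection rule: a rule's results must carry the Timestamp and ReportId columns plus an identifier column such as DeviceId, and the lookback, threshold and 15-minute grouping window are constructed tuning values, not values from the page.

```kql
// Added example: a hunting query that qualifies as a custom detection rule.
// Custom detections require Timestamp, ReportId and an entity column (here
// DeviceId) in the output; arg_max keeps one real event's Timestamp/ReportId
// per group so the generated alert links back to a concrete event.
let lookback = 1h;      // assumption: matches the rule's run frequency
let threshold = 10;     // constructed threshold; tune per environment
DeviceLogonEvents
| where Timestamp > ago(lookback)
| where ActionType == "LogonFailed"
| where LogonType in ("Network", "RemoteInteractive")
| summarize FailedCount = count(),
            DistinctAccounts = dcount(AccountName),
            arg_max(Timestamp, ReportId, DeviceName, RemoteIP)
  by DeviceId, TimeBin = bin(Timestamp, 15m)
| where FailedCount >= threshold
| project Timestamp, ReportId, DeviceId, DeviceName, RemoteIP,
          FailedCount, DistinctAccounts, TimeBin
```

Run it in advanced hunting first to check the volume of results over the 30-day window, then save it as a custom detection with a response action only once the threshold produces a manageable alert rate.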

Reference