In threat hunting, which technique is central?

Threat hunting relies on a proactive, hypothesis-driven approach. Instead of waiting for alerts or user reports, you formulate educated questions about how an attacker might operate in your environment and then use analytics to test those ideas across telemetry from logs, endpoints, and network data. This method seeks hidden, evolving threats that signature-based alerts often miss because attackers continuously adapt their techniques. By actively pursuing plausible attack scenarios—such as unusual login patterns, credential abuse, or unusual data flows—you can uncover malicious activity early and understand the attacker’s methods more deeply. The other options rely on waiting for something to trigger, or focus on compliance checks, which don’t address the real, ongoing process of detecting and understanding threats.