The search History tab displays all the search queries carried out recently. You can use a query from the recent queries or applied queries.
- On the HawkkHunt portal, click the Threat Hunting page in the left navigation pane.
- Click Add +.
- On the Filter dialog box, click Search History. The recently run queries are listed.
- Select the query you want to apply. Modify the query if required.
- Click Apply. The query is applied, and search results displayed.
There is fix list of parameters for which you can do threat hunting. If such parameters are present as key attributes for any of the incidents or alerts you can do threat hunting from that incident’s Page or alert’s Page respectively.