...

Apart from triaging suspicious alerts and defining investigations, there's one additional step that allows users to get deeper into an investigation. In the Hunting area of the application, users can perform a global search across the whole system and find the events that are related to a specific entity.

Click this icon in the top navigation bar to access the Hunting area.

...

Perform threat hunting

Follow these steps to perform threat hunting:

...

Click the table names under the timeline to hide or show the corresponding lines. This also affects the results shown in the Hunting results area below. You can also zoom in to a specific time range by dragging your mouse over the timeline; this action likewise shows only the corresponding results below. Click Restore zoom to return to the default zoom.

You can also define an alert based on the results of a hunt by clicking Actions → Create alert.

...

Enter the required data and click Create alert in the window that appears to define it.

Hunting results

Events obtained when performing a search are ordered by time. Even if there are two or more result statistics (that is, two or more filters), you will only see the events returned by the last search.

...