Hunting

The Hunting tab enables you to actively search for and investigate potential security threats or suspicious activities within your environment. It offers a centralized view where you can conduct threat hunting by querying event data and security logs to identify patterns or indicators of compromise (IOCs) that may not have been detected by automated systems.

The Hunting tab includes the following sub-tabs to view events:

  • Events: Lists all the events registered and executed on the assets.
  • Exempted Events: Lists all the events for which exceptions have been created.
  • Advanced Hunting: Lists the predefined hunting queries (defined by the Qualys Threat Research Team) and the customized (user-defined) hunting queries.

Key Actions you can take in the Hunting tab

The following screenshot displays the actions that you can perform on the Hunting tab:

  • Search for events (1)
  • Filter events that occurred in a specific time frame (2)
  • Search events by type (3)
  • Group By (4)
  • Filters (5)
  • View event details and asset details (6)

Hunting homepage

Group By: Use the Group By option to view the count of events based on the selected option.

Group By option in Hunting tab

Filters: Use the Filters option to list the Severity and Source of the assets. You can select a severity of Critical, High, Medium, or Low. You can select Anti-malware or EDR from the Source filter.

The following screenshot shows an example with the High severity and EDR source filters applied:

Filters in Hunting tab.

Quick Actions: Hover the mouse over an object to view the Quick Actions menu.

Quick Actions menu

The Quick Actions menu includes the following options:

Additional Resources

How to Search