Hunt

Security Onion Console (SOC) includes a Hunt interface that is similar to our Dashboards interface but is tuned more for threat hunting.

The main difference between Hunt and Dashboards is that Hunt’s default queries are more focused than the overview queries in Dashboards. A second difference is that most of the default Dashboards queries display a separate table for each aggregated field, whereas many of the default queries in Hunt aggregate multiple fields in a single table, which can be beneficial when hunting for more obscure activity.

Other than these two differences, Hunt and Dashboards are very similar, so for more information please see the Dashboards section.