Security Onion Console (SOC) includes a Hunt interface that is similar to our Dashboards interface but is tuned more for threat hunting.

The main difference between Hunt and Dashboards is that Hunt's default queries are more focused than the overview queries in Dashboards. A second difference is that most of the default Dashboards queries display a separate table for each aggregated field, whereas many of the default queries in Hunt aggregate multiple fields in a single table, which can be beneficial when hunting for more obscure activity.
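
As an added illustration (not part of the Security Onion documentation or SOC's own code), this Python example shows why aggregating multiple fields in a single table can surface activity that separate per-field tables hide. The events, the field names and the helper functions are all constructed for the example.

```python
from collections import Counter

# Assumed field names for the example; the events below are constructed.
FIELDS = ("source.ip", "destination.ip", "destination.port")

def make_events():
    """Build constructed sample connection events (not real data)."""
    rows = [
        (("10.0.0.5", "10.0.0.20", 443), 40),
        (("10.0.0.6", "10.0.0.21", 53), 40),
        (("10.0.0.5", "10.0.0.21", 443), 20),
        (("10.0.0.6", "10.0.0.20", 53), 20),
        (("10.0.0.5", "10.0.0.21", 53), 1),  # the one unusual combination
    ]
    return [dict(zip(FIELDS, values)) for values, n in rows for _ in range(n)]

def per_field_tables(events, fields=FIELDS):
    """One table per aggregated field: each value is counted on its own."""
    return {f: Counter(e[f] for e in events) for f in fields}

def combined_table(events, fields=FIELDS):
    """One table over all fields: each distinct combination is counted."""
    return Counter(tuple(e[f] for f in fields) for e in events)

def rare_rows(table, max_count=1):
    """Rows at the long tail of a table, the usual starting point for a hunt."""
    return sorted((key, n) for key, n in table.items() if n <= max_count)

if __name__ == "__main__":
    events = make_events()
    # Separate tables: every individual value looks routine.
    for field, table in per_field_tables(events).items():
        print(field, dict(table), "rare:", rare_rows(table))
    # Single multi-field table: the unusual combination is the only rare row.
    print("combined rare:", rare_rows(combined_table(events)))
```

In the separate tables every value appears at least 60 times, so nothing stands out; in the combined table the single odd pairing of source, destination and port is the only row with a count of 1.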