Hunt

Security Onion Console (SOC) includes a Hunt interface which is similar to our Dashboards interface but is tuned more for threat hunting.

The main difference between Hunt and Dashboards is that Hunt’s default queries are more focused than the overview queries in Dashboards. A second difference is that most of the default Dashboards queries display a separate table for each aggregated field, whereas many of the default queries in Hunt aggregate multiple fields in a single table, which can be beneficial when hunting for more obscure activity.
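The following Python sketch is an added illustration, not Security Onion code and not a query against SOC. It shows why a single multi-field table can surface activity that separate per-field tables hide. The events are constructed sample data, and the function names and thresholds are hypothetical.

```python
from collections import Counter

FIELDS = ("source.ip", "destination.ip", "destination.port")


def _event(src, dst, port):
    return {"source.ip": src, "destination.ip": dst, "destination.port": port}


# Constructed sample events (not real traffic).
EVENTS = (
    [_event("10.0.0.5", "10.0.0.10", 443)] * 4
    + [_event("10.0.0.6", "10.0.0.20", 445)] * 4
    + [_event("10.0.0.5", "10.0.0.20", 445)]  # the one unusual pairing
)


def per_field_tables(events, fields):
    """One count table per aggregated field (the separate-table layout)."""
    return {f: Counter(e[f] for e in events) for f in fields}


def combined_table(events, fields):
    """One count table keyed by the tuple of all fields (the single-table layout)."""
    return Counter(tuple(e[f] for f in fields) for e in events)


def hidden_rare_combinations(events, fields, rare_max=1, common_min=3):
    """Return combinations that are rare as a tuple although every individual
    value looks common in its own per-field table."""
    singles = per_field_tables(events, fields)
    combos = combined_table(events, fields)
    return sorted(
        combo
        for combo, count in combos.items()
        if count <= rare_max
        and all(singles[f][v] >= common_min for f, v in zip(fields, combo))
    )


if __name__ == "__main__":
    for field, table in per_field_tables(EVENTS, FIELDS).items():
        print(field, dict(table))
    for combo, count in combined_table(EVENTS, FIELDS).most_common():
        print(count, combo)
    print("rare:", hidden_rare_combinations(EVENTS, FIELDS))
```

In the per-field tables every value appears at least four times, so nothing stands out; only the combined table shows that one source reached that destination and port exactly once.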