One of the most effective ways to stay ahead of potential threats is through proactive threat hunting. This involves actively seeking out potential threats within your network before they can cause harm. There are three primary types of threat hunts that every cybersecurity professional should be familiar with: Lightning Hunts, Difenda Analytics Threat Hunt Requests, and Structured Hunts. Each of these has a unique approach and purpose, which we will explore in detail. 

3 Types of Threat Hunts Overview

Each type of threat hunt plays a vital role in a comprehensive cybersecurity strategy.  

  • Lightning Hunts offers regular, quick assessments, essential for maintaining a baseline level of security.  
  • Threat Hunt Requests provide on-demand hunts to address specific concerns or anomalies identified by customers.  
  • Structured Hunts delivers in-depth, procedural investigations that address complex and high-risk threats. 

1. Lightning Hunts 

Lightning Hunts are essential for maintaining a baseline level of security and quickly addressing potential threats that have triggered alerts. They are designed for quick, regular assessments of your security environment. 

These hunts ensure the collection of essential security data and involve basic hunting techniques, such as searching for key indicators of compromise (IOCs) to identify threats in specific areas.  

  • Initiation: Typically initiated by alerts from the Level 2 (L2) or Level 3 (L3) support teams, requiring deeper investigation. 
  • Frequency: Conducted weekly. 
  • Duration: Typically takes one day. 

Lightning hunts ensure that security teams are always on the lookout for new threats. 

2. Threat Hunt Requests 

Difenda enables Customer Threat Hunt Requests through the Difenda Shield platform, providing a more flexible and comprehensive approach to threat hunting. These cyber threat hunts are particularly useful for addressing specific concerns or anomalies identified by customers. 

  • Initiation: Initiated ad-hoc by customers or analysts on behalf of customers. 
  • Frequency: As needed. 
  • Duration: Typically takes about three days. 

These self-service threat hunts allow both customers and internal teams to initiate hunts based on industry-standard methodologies. They leverage industry best practices to ensure thorough and effective threat detection. 

3. Structured Threat Hunt

Structured Hunts represent the pinnacle of planned, systematic threat hunting. They are comprehensive and thorough, making them ideal for addressing complex and high-risk threats. 

Structured Hunts are meticulously researched, tested, and documented, following a procedural approach. They provide detailed insights and a well-documented approach, ensuring all potential angles are covered.  

  • Initiation: Initiated by the cyber research and response team. 
  • Frequency: Conducted when the threat landscape necessitates it. 
  • Duration: Typically takes about 30 days. 
  • Phases: 
  1. Planned Phase: Collaborative hypothesis development with Threat Intelligence analysts and active adversarial movements. 
  1. Hunting Phase: Execution of the planned hunt with continuous monitoring and adjustments. 
  1. Reporting Phase: Documentation of findings, including multiple review stages and tests prior to execution. 


Proactive threat hunting is critical to staying ahead of potential cyber threats. Cybersecurity professionals can significantly enhance their organization’s security posture by understanding and implementing the three types of threat hunts—Lightning Hunts, Threat Hunt Requests, and Structured Hunts. 


Find Vulnerabilities in your environment now – no strings attached