Threat hunting is the process of proactively searching devices, endpoints and network data for abnormal activity that may be a sign of compromise, intrusion, or exfiltration of data, rather than waiting for an automated alert to fire.
The term “threat hunting” originated with the US Air Force in the mid-2000s, when it began to use teams of security analysts to conduct “friendly force projection” on its networks. As the practice was adopted by the private sector, analysts began referring to it simply as “hunting,” and the term “threat hunting” was widely adopted by the early 2010s. This human-driven detection entails security analysts searching through their network and endpoint data in order to find suspicious behavior that existing controls have not flagged.
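One common way such a hunt is carried out in practice is frequency analysis (often called "stacking"): an analyst forms a hypothesis, for example that a parent/child process pair seen on only one host in a fleet deserves a look, and then ranks the data by prevalence. The following is an added example illustrating that idea; it is not code from the page or its cited source, the event records are constructed by hand, and the host names, process names and the `max_hosts` threshold are illustrative assumptions.

```python
"""Added example: a hypothesis-driven hunt over constructed endpoint logs.

Hypothesis: across a fleet, the same parent -> child process pairs recur on
most hosts, so a pair that appears on only one or two hosts is worth an
analyst's attention. This is the "stacking" (least-frequent-occurrence)
technique, run here over hand-made sample events rather than real telemetry.
"""
from collections import defaultdict

# Constructed process-creation events (assumed format; not real telemetry).
EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "ws02", "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "ws03", "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "ws01", "parent": "services.exe", "image": "svchost.exe"},
    {"host": "ws02", "parent": "services.exe", "image": "svchost.exe"},
    {"host": "ws03", "parent": "services.exe", "image": "svchost.exe"},
    {"host": "ws01", "parent": "explorer.exe", "image": "winword.exe"},
    {"host": "ws02", "parent": "explorer.exe", "image": "winword.exe"},
    # Outlier: a document editor spawning a shell, on a single host, twice.
    {"host": "ws02", "parent": "winword.exe", "image": "powershell.exe"},
    {"host": "ws02", "parent": "winword.exe", "image": "powershell.exe"},
]


def stack_parent_child(events):
    """Map each (parent, image) pair to the set of hosts it was seen on.

    Names are lower-cased so that case differences in logging do not split
    one pair into several buckets.
    """
    hosts_by_pair = defaultdict(set)
    for e in events:
        key = (e["parent"].lower(), e["image"].lower())
        hosts_by_pair[key].add(e["host"])
    return hosts_by_pair


def rare_pairs(events, max_hosts=1):
    """Return (pair, hosts) for pairs seen on at most max_hosts distinct hosts.

    Prevalence is counted in hosts, not events, so a pair that repeats many
    times on one machine is still rare fleet-wide. Rarest pairs come first.
    """
    stacked = stack_parent_child(events)
    rare = [
        (pair, sorted(hosts))
        for pair, hosts in stacked.items()
        if len(hosts) <= max_hosts
    ]
    return sorted(rare, key=lambda item: (len(item[1]), item[0]))


if __name__ == "__main__":
    for (parent, child), hosts in rare_pairs(EVENTS):
        print(f"{parent} -> {child}: seen only on {', '.join(hosts)}")
```

The code only ranks; the hunt itself is the analyst's hypothesis and the follow-up investigation of whatever floats to the top. On a real fleet the threshold and the set of fields stacked (command line, signer, path) are tuned by the analyst, and a rare pair is a lead, not a verdict.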
SOURCE: Bejtlich, Richard. “Become a Hunter: Fend Off Modern Computer Attacks by Turning Your Incident Response Team into Counter Threat Operations.” Information Security, 2011.