
# Benefits of threat hunting

Threat hunting mitigates overall risk to the organization through the following benefits:

* Proactively uncover security incidents
* Better threat response
* Improve SOC effectiveness
* Uncover potential visibility gaps within the environment
* Detect advanced persistent threats

## Proactively uncover security incidents

* Threats that traditional, alert-driven detection missed are discovered through threat hunting
* Organizations can detect potential security threats before they cause a significant impact
* Organizations can mitigate threats quickly, using the knowledge obtained during the hunting process

## Better threat response

**Actively searching for threats improves the overall response process**, because responders start with a better understanding of the scope and characteristics of the threat.

**Reduces the average detection delta** (the time between initial compromise and detection, often called dwell time) and helps organizations respond more quickly to security incidents.

Data gathered from past hunts, such as baselines of normal activity and documented benign anomalies, can **significantly reduce investigation time** when responding to security incidents.

## Improve SOC effectiveness

Threat hunters classify certain threats and event types as false positives while performing a hunt. Feeding those findings back into the detection stack reduces the false positives that SOC analysts have to deal with.

Knowledge gained during a hunt can be used to suggest changes to alert policies and increase their effectiveness.

Reduces alert fatigue by enabling SOC analysts to focus on critical security threats.
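The feedback loop described above, as an added example that is not part of the course material: a simple encoded-PowerShell detection rule is run over constructed process-creation events, first untuned and then with an exclusion that a hunt established as benign (a backup agent that legitimately launches encoded PowerShell on the backup servers). The hosts, paths and command lines are invented sample data; the point is that the exclusion is keyed on parent process path *and* host, so the same command from an unexpected parent or host still alerts.

```python
import re

# Constructed sample telemetry (process-creation events); not real data.
EVENTS = [
    {"host": "ws-01", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA..."},          # true positive
    {"host": "srv-bk-01", "parent": r"C:\Program Files\BackupAgent\bkagent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -enc SQBtAHAAbwByAHQA..."},                  # hunt-verified benign
    {"host": "srv-bk-02", "parent": r"C:\Program Files\BackupAgent\bkagent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -enc SQBtAHAAbwByAHQA..."},                  # hunt-verified benign
    {"host": "ws-07", "parent": r"C:\Users\bob\Downloads\bkagent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -enc SQBFAFgA..."},                          # masquerading parent: still suspicious
    {"host": "ws-03", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -Command Get-Process"},                      # no encoded command
]

# Exclusion produced by the hunt: narrow on parent path AND host naming, never on
# the child process alone, so a copied bkagent.exe on a workstation is not suppressed.
HUNT_EXCLUSIONS = [
    {"parent": r"C:\Program Files\BackupAgent\bkagent.exe", "host_prefix": "srv-bk-"},
]

POWERSHELL_RE = re.compile(r"powershell\.exe$", re.IGNORECASE)
ENCODED_RE = re.compile(r"\s-enc(odedcommand)?\s", re.IGNORECASE)


def matches_rule(ev):
    """Untuned detection logic: PowerShell launched with an encoded command."""
    return bool(POWERSHELL_RE.search(ev["image"]) and ENCODED_RE.search(ev["cmdline"]))


def is_hunt_verified_benign(ev, exclusions):
    """Suppress only the exact parent/host combination the hunt confirmed as benign."""
    return any(
        ev["parent"].lower() == ex["parent"].lower() and ev["host"].startswith(ex["host_prefix"])
        for ex in exclusions
    )


def run_rule(events, exclusions=()):
    """Return the events that would raise an alert under the rule plus the given exclusions."""
    return [ev for ev in events if matches_rule(ev) and not is_hunt_verified_benign(ev, exclusions)]


if __name__ == "__main__":
    before = run_rule(EVENTS)
    after = run_rule(EVENTS, HUNT_EXCLUSIONS)
    print(f"alerts before tuning: {len(before)}, after tuning: {len(after)}")
    for ev in after:
        print(f"  still alerting: {ev['host']} parent={ev['parent']}")
```

Both true positives survive the tuning, and the two backup-server events that an analyst would otherwise triage every night are gone. In a real SIEM the same idea becomes a filter clause on the rule rather than a Python function, but the discipline is the same: scope exclusions to what the hunt actually verified.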

## Uncover potential visibility gaps

Threat hunters review the data sources required for each hunt they undertake.

During this feasibility analysis they regularly find that the required data is missing or inconclusive, for reasons such as:

* Logging not enabled
* Blind spots within the network
* Lack of capabilities
* Data not collected or aggregated

This process uncovers visibility gaps that the organization can then address tactically (for example, enabling a log source or fixing forwarding) or strategically (for example, deploying a new sensor or acquiring a capability it does not have).
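The feasibility analysis described in this section, as an added example that is not part of the course material: each hunt hypothesis is paired with the data sources it needs and the hosts it applies to, and that requirement is checked against a constructed inventory of what is enabled and what is actually forwarded to the SIEM. Every missing piece of evidence is classified under one of the four gap reasons listed above and rolled up into tactical versus strategic work. Host names, log source names and hunt names are invented sample data.

```python
from dataclasses import dataclass

# Constructed inventory: for each host, which log sources are enabled locally and
# which of those are actually forwarded to the central data store. Not real hosts.
HOSTS = {
    "ws-01": {"enabled": {"sysmon", "winevt_security"},
              "forwarded": {"sysmon", "winevt_security"}},
    "ws-02": {"enabled": {"winevt_security"},
              "forwarded": {"winevt_security"}},
    "srv-db-01": {"enabled": {"sysmon", "winevt_security", "powershell_script_block"},
                  "forwarded": {"winevt_security"}},   # logs exist but never leave the host
}
# Constructed: sources the current tooling is capable of producing at all.
SUPPORTED_SOURCES = {"sysmon", "winevt_security", "powershell_script_block"}

# Which gap reasons are a configuration fix versus a new sensor or capability.
TACTICAL = {"logging not enabled", "not collected/aggregated"}
STRATEGIC = {"blind spot", "lack of capability"}


@dataclass(frozen=True)
class Hunt:
    name: str
    required_sources: frozenset
    scope: frozenset  # hosts the hypothesis applies to


# Constructed hunt backlog.
HUNTS = [
    Hunt("failed logon bursts", frozenset({"winevt_security"}), frozenset({"ws-01", "ws-02"})),
    Hunt("lsass access from unusual process", frozenset({"sysmon"}),
         frozenset({"ws-01", "ws-02", "srv-db-01"})),
    Hunt("encoded powershell on servers", frozenset({"powershell_script_block"}),
         frozenset({"srv-db-01", "srv-ot-01"})),   # srv-ot-01 is not in the inventory at all
    Hunt("dns tunnelling", frozenset({"dns_query"}), frozenset({"ws-01"})),
]


def assess(hunt, hosts=HOSTS, supported=SUPPORTED_SOURCES):
    """Return {reason: ["host:source", ...]} for every missing piece of evidence.
    An empty dict means the hunt is feasible with current visibility."""
    gaps = {}

    def note(reason, host, src):
        gaps.setdefault(reason, []).append(f"{host}:{src}")

    for host in sorted(hunt.scope):
        inv = hosts.get(host)
        for src in sorted(hunt.required_sources):
            if src not in supported:                 # nothing in the stack can produce it
                note("lack of capability", host, src)
            elif inv is None:                        # host is unknown to the security stack
                note("blind spot", host, src)
            elif src not in inv["enabled"]:          # source exists but is switched off here
                note("logging not enabled", host, src)
            elif src not in inv["forwarded"]:        # generated locally, never aggregated
                note("not collected/aggregated", host, src)
    return gaps


def feasibility_report(hunts=HUNTS, hosts=HOSTS, supported=SUPPORTED_SOURCES):
    """Split the backlog into feasible and blocked hunts and count gaps by remediation type."""
    report = {"feasible": [], "blocked": {}, "tactical": 0, "strategic": 0}
    for hunt in hunts:
        gaps = assess(hunt, hosts, supported)
        if not gaps:
            report["feasible"].append(hunt.name)
            continue
        report["blocked"][hunt.name] = gaps
        for reason, items in gaps.items():
            report["tactical" if reason in TACTICAL else "strategic"] += len(items)
    return report


if __name__ == "__main__":
    r = feasibility_report()
    print("feasible now:", r["feasible"])
    for name, gaps in r["blocked"].items():
        print(f"blocked: {name}")
        for reason, items in gaps.items():
            print(f"  {reason}: {', '.join(items)}")
    print(f"tactical fixes: {r['tactical']}, strategic fixes: {r['strategic']}")
```

Even this small backlog shows the pattern the section describes: the hunt you can run today is the least interesting one, while the three blocked hunts hand the organization a concrete list of what to enable, what to forward, and what it cannot see at all.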

## Detect Advanced Persistent Threats (APTs)

* Zero-days and APTs can be difficult to detect with traditional, signature-based tools
* The hypothesis-driven approach of threat hunting lets an organization hunt specifically for the advanced threats that its organization or industry faces
* Threat hunting provides an in-depth look at the environment and therefore a greater chance of detecting advanced threats

