Creating a threat hunt

You can create a threat hunt to import, group, join, and manipulate data to prove, or disprove your hypotheses.

About this task

This feature is in Beta for the 1.7.2 release.


  1. Go to IBM Data Explorer > Threat hunt (beta).
  2. Click Start a hunt.
  3. Enter the name and the description of your hunt, and then click Start a hunt.
  4. On the Manage steps tab, click Add a step.
    Option Description
    Select a Kestrel statement Select a Kestrel command of your choice. For explanations, see Threat hunt (Beta).
    Step name Enter your custom name or use the default name.
    Kestrel Statement A Kestrel Statement template will be generated after you select a Kestrel command.
    Leave a comment Additional description for this step.
  5. Click Save without running or Run.


The Manage steps list appears when at least one step has been created for this hunt. You can view the variables assoicated with this hunt in the View variables (data) tab.