Threat Hunt Request Template
Audience: Threat Hunter, SOC Manager, Incident Responder, Detection Engineer
Purpose: Use this template to request a threat hunt based on a hypothesis, campaign concern, or control gap.
```mermaid
graph TD
    A["Submit Hunt Request"] --> B["Define Hypothesis and Scope"]
    B --> C["Check Data Availability"]
    C --> D["Schedule Hunt"]
    D --> E["Convert Findings to Actions"]
```
| Field | Value |
|---|---|
| Request ID | HUNT-[YYYYMMDD]-[001] |
| Requester | |
| Date Submitted | |
| Reason for Hunt | ☐ Hypothesis · ☐ Incident Follow-up · ☐ Threat Intel · ☐ Audit / Gap |
2. Hunt Objective
| Question | Answer |
|---|---|
| Hypothesis or concern | |
| Assets or users in scope | |
| Time window | |
| Expected indicators or behaviors | |
3. Data and Constraints
| Item | Status | Notes |
|---|---|---|
| Relevant logs available | ☐ | |
| EDR or endpoint data available | ☐ | |
| Cloud or identity data available | ☐ | |
| Known constraints documented | ☐ | |
4. Expected Outputs
5. Approval and Scheduling
| Role | Name | Decision | Date |
|---|---|---|---|
| Threat Hunt Lead | | ☐ Accept · ☐ Reject · ☐ Need More Info | |
| SOC Manager | | ☐ Scheduled | |
References