What is threat hunting and how does it differ from traditional monitoring?

Enhance your cyber defense skills with the Security Blue Team Level 1 Test. Prepare with flashcards, multiple choice questions, and detailed explanations to ace your exam!

Multiple Choice

What is threat hunting and how does it differ from traditional monitoring?

Explanation:
Threat hunting is the proactive pursuit of adversaries inside a network, driven by hypotheses about how attackers operate rather than waiting for alerts. It seeks unknown threats and stealthy activity that bypasses standard detections by examining patterns, anomalies, and behaviors across multiple data sources. Traditional monitoring is largely reactive: it collects telemetry and surfaces alerts when known rules or signatures trigger, then investigators respond to those alerts. The best description combines both ideas: threat hunting uses hypothesis-driven investigations to search for threats before alerts appear, while traditional monitoring reacts to existing alerts only. This matters because threat hunting can uncover advanced or previously unseen intrusions that automated alerts might miss, by looking beyond predefined signals and testing educated hypotheses.