Version: 2.12.0

Threat Hunting

This section provides an overview of the threat detection interface and how to work with detected threats in your environment.

First Access

Access the threat hunting interface through Eyeglass:

  1. Navigate to Ransomware Defender
    Go to the Ransomware Defender section in the Eyeglass menu.

    Ransomware Defender navigation

  2. Click the Threat Hunting tab
    In the Events section, select the Threat Hunting tab to open the separate threat hunting UI.

    Threat Hunting tab

  3. Authenticate if prompted
    Enter your Eyeglass credentials when requested.

Separate Interface

The threat hunting interface opens in a separate window for dedicated threat analysis and response.

Understanding the Threat List

The threat detection interface displays comprehensive information about each detected threat:

Threat list interface

Threat Information Columns

Column           | Description                                                  | Example
-----------------|--------------------------------------------------------------|----------------------------------
Severity         | Threat severity level (5 levels)                             | HIGH, MID_HIGH, MID, MID_LOW, LOW
Confidence Score | ML model confidence percentage in threat detection           | 88.7%, 95.2%, 75.0%
Source           | Client IP address where anomalous activity originated        | 192.168.1.xx, 10.0.0.xx
User             | Account associated with the anomalous activity               | DOMAIN\jsmith, local\admin
Target           | Storage device being monitored                               | powerscale-cluster, isilon-prod
Threat Category  | Type of anomalous behavior detected (see Detection Types)    | Various anomaly types based on detected patterns
State            | Current threat processing status                             | Open, Closed
Time Detected    | When the anomaly was first detected                          | Jun 18, 2025 at 4:48 pm

Detection Types

Dell Cyber data security identifies various threat categories, from ransomware to data loss prevention. For a complete list of detection types and their descriptions, see the Detection Types Reference.

Threat Severity Levels

Threat Hunting uses 5 severity levels to categorize threat types:

Severity            | Description
--------------------|---------------------------------------------------------------------------
HIGH                | Highly anomalous behavior patterns indicating potential active threats
MID_HIGH (med_high) | Significant deviations from normal user activity requiring prompt review
MID                 | Moderate anomalies that may indicate early threat reconnaissance
MID_LOW (low_med)   | Minor deviations requiring attention
LOW                 | Minimal deviations from baseline behavior patterns

Confidence Score and Severity Relationship

Threat Hunting uses two independent metrics. The Severity Level categorizes the threat type (HIGH, MID_HIGH, MID, MID_LOW, LOW), while the Confidence Score is the machine learning model's certainty, as a percentage (0-100%), that the detection is a real threat.

Key Examples

A LOW severity event could have a 95% confidence score, while a HIGH severity event could have a 60% confidence score. This independence allows for nuanced threat evaluation and decision-making.

Searching and Filtering

Find specific threats using search and filtering capabilities:

  1. Access Search Bar
    Use the search bar above the threats list.

  2. Enter Terms
    Type any value (username, IP address, threat type).

  3. View Results
    Results update automatically as you type.

How to Filter

  1. Open Filters
    Click the filter icon next to the search bar.

  2. Select Options
    Choose from these categories:

    • Severity: HIGH, MID_HIGH, MID, MID_LOW, or LOW
    • Confidence Score: Filter by confidence percentage threshold
    • Category: Specific threat types (see Detection Types)
    • User: Specific user accounts or identities

  3. Manage Active Filters
    After applying filters:

    • View Active Filters: Active filters appear as tags at the top
    • Check Count: Counter shows applied filters (e.g., "+2")
    • Reset Filters: Click "Reset" to clear all filters
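The independent severity and confidence metrics described above, and the filter categories listed in this section, modelled as an added Python example (not Eyeglass code or its API): it normalizes the alias spellings noted in the severity table, applies the same filter categories the UI offers to a threat list, and ranks threats by severity and confidence separately. The sample rows, IP addresses, accounts and category names are constructed placeholders.

```python
from collections import namedtuple

# Canonical severity labels, highest first, plus the alias spellings this page notes.
SEVERITY_ORDER = ["HIGH", "MID_HIGH", "MID", "MID_LOW", "LOW"]
SEVERITY_ALIASES = {"MED_HIGH": "MID_HIGH", "LOW_MED": "MID_LOW"}

# One row of the threat list, with the columns described above (confidence in percent).
Threat = namedtuple("Threat", "severity confidence source user target category state detected")

def normalize_severity(label: str) -> str:
    # Map a label or alias, in any case, to its canonical 5-level name.
    key = SEVERITY_ALIASES.get(label.strip().upper(), label.strip().upper())
    if key not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity: {label!r}")
    return key

def filter_threats(threats, severities=None, min_confidence=0.0,
                   category=None, user=None, text=None):
    # Mirror the UI filter categories; None switches a filter off.
    # `text` behaves like the search bar and matches any column.
    wanted = {normalize_severity(s) for s in severities} if severities else None
    kept = []
    for t in threats:
        if wanted and normalize_severity(t.severity) not in wanted:
            continue
        if t.confidence < min_confidence or (category and t.category != category):
            continue
        if user and t.user.lower() != user.lower():
            continue
        if text and not any(text.lower() in str(v).lower() for v in t):
            continue
        kept.append(t)
    return kept

def triage_order(threats):
    # Severity and confidence are independent: rank by severity first, then confidence.
    return sorted(threats, key=lambda t: (
        SEVERITY_ORDER.index(normalize_severity(t.severity)), -t.confidence))

# Constructed sample rows (not real detections); category names are placeholders.
SAMPLE = [
    Threat("low", 95.0, "192.168.1.20", r"DOMAIN\jsmith", "powerscale-cluster",
           "anomaly-type-1", "Open", "Jun 18, 2025 at 4:48 pm"),
    Threat("HIGH", 60.0, "10.0.0.7", r"local\admin", "isilon-prod",
           "anomaly-type-2", "Open", "Jun 18, 2025 at 4:50 pm"),
    Threat("med_high", 88.7, "192.168.1.31", r"DOMAIN\asmith", "powerscale-cluster",
           "anomaly-type-1", "Closed", "Jun 18, 2025 at 5:02 pm"),
]
```

Note that a confidence threshold alone would drop the HIGH row at 60% while keeping the LOW row at 95%, which is why the triage ordering keeps the two metrics separate.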

Next Steps

Now that you understand the threat hunting interface, explore these operational procedures:

See Also