asp-threat-hunting

asp-threat-hunting orchestrates ASP threat hunting. Use it for bounded SIEM hunts around hypotheses, IOCs, TTPs, or suspicious activity.

Invocation

```text
/asp-threat-hunting
```

It combines asp-siem-search, asp-siem-rule, asp-alert, asp-artifact, asp-case, asp-threat-intelligence, and asp-knowledge.

Common Examples

```text
/asp-threat-hunting run a 24-hour hunt for suspicious PowerShell download activity
```

```text
/asp-threat-hunting use these IOCs to search related SIEM activity
```

```text
/asp-threat-hunting generate a verifiable hunt query for ATT&CK T1059
```

Common CLI commands:

```powershell
asp siem schema list --output json
asp siem search keyword 1.2.3.4 --from 2026-07-02T00:00:00Z --to 2026-07-02T01:00:00Z --output json
asp siem query spl "index=main error" --from 2026-07-02T00:00:00Z --to 2026-07-02T01:00:00Z --output json
```
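
The following is an added example, not part of the asp project or its documentation: a Python helper that turns an IOC list into one time-bounded `asp siem search keyword` invocation per IOC, using only the flags shown above. The function names, the 24-hour cap, the accepted IOC kinds (IP, domain, 32/40/64-character hex digest) and the idea that keyword search is used for domains and digests are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

MAX_WINDOW = timedelta(hours=24)  # assumption: upper bound chosen for this example
HEX_DIGEST = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # timestamp shape used in the page's CLI examples


def normalize_ioc(raw):
    """Refang and validate one IOC; return the cleaned value, or None to reject it."""
    value = raw.strip().replace("[.]", ".")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if HEX_DIGEST.match(value) or DOMAIN.match(value):
        return value.lower()
    return None


def build_hunt_commands(iocs, start, end):
    """Return (argv_lists, rejected) for one bounded keyword search per unique IOC."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("start and end must be timezone-aware")
    if not timedelta(0) < end - start <= MAX_WINDOW:
        raise ValueError("hunt window must be positive and at most 24 hours")
    frm = start.astimezone(timezone.utc).strftime(TS_FORMAT)
    to = end.astimezone(timezone.utc).strftime(TS_FORMAT)
    commands, rejected, seen = [], [], set()
    for raw in iocs:
        value = normalize_ioc(raw)
        if value is None:
            rejected.append(raw)  # never forwarded to the CLI
        elif value not in seen:
            seen.add(value)
            # argv list, not a shell string: the IOC stays a single argument
            commands.append(["asp", "siem", "search", "keyword", value,
                             "--from", frm, "--to", to, "--output", "json"])
    return commands, rejected


if __name__ == "__main__":
    # Constructed sample feed: defanged IP, duplicate, domain, malformed entry.
    feed = ["1.2.3[.]4", "1.2.3.4", "Example.COM", "--to 2030-01-01T00:00:00Z"]
    start = datetime(2026, 7, 2, 0, 0, tzinfo=timezone.utc)
    cmds, bad = build_hunt_commands(feed, start, start + timedelta(hours=1))
    for argv in cmds:
        print(" ".join(argv))
    print("rejected:", bad)
```

Each returned list can be passed to `subprocess.run` without `shell=True`; rejected entries are returned so they can be recorded with the hunt rather than silently dropped.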