asp-threat-hunting
asp-threat-hunting orchestrates ASP threat hunting. Use it for bounded SIEM hunts around hypotheses, IOCs, TTPs, or suspicious activity.
Invocation
```text
/asp-threat-hunting
```
It combines asp-siem-search, asp-siem-rule, asp-alert, asp-artifact, asp-case, asp-threat-intelligence, and asp-knowledge.
Common Examples
```text
/asp-threat-hunting run a 24-hour hunt for suspicious PowerShell download activity
```
```text
/asp-threat-hunting use these IOCs to search related SIEM activity
```
```text
/asp-threat-hunting generate a verifiable hunt query for ATT&CK T1059
```
Common CLI commands:
```powershell
asp siem schema list --output json
asp siem search keyword 1.2.3.4 --from 2026-07-02T00:00:00Z --to 2026-07-02T01:00:00Z --output json
asp siem query spl "index=main error" --from 2026-07-02T00:00:00Z --to 2026-07-02T01:00:00Z --output json
```