Threat hunting is the process of an experienced cybersecurity analyst proactively using manual or machine-based techniques to identify security incidents or threats that the currently deployed automated detection methods didn't catch. To be successful with threat hunting, analysts need to know how to coax their toolsets into finding the most dangerous threats. They also require ample knowledge of diverse types of malware, exploits and network protocols to navigate the large volume of logs, metadata, and packet capture (PCAP) data they must sift through.
Threat hunting can mean slightly different things to different organizations and analysts. For example, some believe threat hunting is based entirely on difficulty. If the activity is simple, such as querying for known indicators of compromise (IOCs) or searching for POSTs to IP hosts without referrers, it may not be considered threat hunting. On the other hand, searching for things that could be indicative of malicious activity and require analysts to sift through benign traffic may be viewed as threat hunting.
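The "POSTs to IP hosts without referrers" query mentioned above, implemented as an added example (not from the original article) over a constructed proxy log whose space-separated format is an assumption here: timestamp, client, method, URL, status, referer (`-` when absent).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample proxy log lines (assumed format, not from any real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 POST http://203.0.113.10/upload.php 200 -
2024-05-01T10:00:02Z 10.0.0.5 GET http://www.example.com/index.html 200 -
2024-05-01T10:00:03Z 10.0.0.7 POST http://www.example.com/login 302 http://www.example.com/
2024-05-01T10:00:04Z 10.0.0.9 POST http://198.51.100.23:8080/gate.php 200 -
2024-05-01T10:00:05Z 10.0.0.9 POST http://192.0.2.44/api 200 http://192.0.2.44/form
2024-05-01T10:00:06Z 10.0.0.9 POST http://[2001:db8::1]/beacon 200 -
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, method, url, status, referer = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "referer": None if referer == "-" else referer}


def host_is_ip(url):
    """True when the URL's host is a literal IPv4/IPv6 address rather than a name."""
    host = urlsplit(url).hostname  # strips the port and IPv6 brackets
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_posts_to_ip_without_referer(log_text):
    """Return records for POST requests sent directly to an IP host with no Referer."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["referer"] is None and host_is_ip(rec["url"]):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in find_posts_to_ip_without_referer(SAMPLE_LOG):
        print(rec["ts"], rec["client"], rec["url"])
```

Matches are only a starting point for triage: browsers omit the Referer for many legitimate reasons, so each hit still needs the analyst's judgement before it is treated as an incident.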
No matter the interpretation, it's important to note that threat hunting requires a considerable time investment, as successfully identifying items of interest is far more difficult when no signatures are available. Furthermore, what matters most is not the semantics of the term, but that organizations and their analysts continually conduct threat hunting by ensuring they have the capabilities to discover and remediate any cyber risks.