
How Do You Approach Threat Hunting in Practice?
Tags: Threat Hunting, Cybersecurity, Threat Intelligence, Anomaly Detection
The author of the post wants to understand how teams conduct threat hunting day to day. They ask where hunts start (IOCs, TTPs, or hypotheses based on observed anomalies), which kinds of threats are prioritized (insider threats, APTs, cloud abuse, or lateral movement), which anomaly patterns or behaviors have proved most useful to hunt for, and which sources or threat intelligence tools consistently add value.