Skip to content

THREAT HUNT

radar

RadarThreatHuntCancelled

${user} canceled the threat hunt '${huntName}' started on ${huntDate}.
Severity Status Audit Event
Info Success Yes

RadarThreatHuntCsvDownload

${user} started a CSV download of threat hunt '${huntName}' created on ${huntDate}.
Severity Status Audit Event
Info Success Yes

RadarThreatHuntStarted

${user} started an advanced threat hunt '${huntName}' on ${huntDate}.
Severity Status Audit Event
Info Success Yes

RadarTurboThreatHuntStarted

${user} started a fast turbo-charged threat hunt '${huntName}' on ${huntDate}.
Severity Status Audit Event
Info Success Yes

threat_hunt

ThreatHuntAborted

Threat hunt ${huntName} was aborted due to file match limit exceeded. Start a threat hunt with narrower IOCs or lower number of objects to have the file match count within the allowed limit.
Severity Status Audit Event
Critical Canceled No

ThreatHuntCanceled

Threat hunt ${huntName} was canceled.
Severity Status Audit Event
Info Canceled No

ThreatHuntFailed

Threat hunt ${huntName} failed to complete. Reason: ${reason}
Severity Status Audit Event
Critical Failure No

ThreatHuntInProgress

Started scanning the object snapshots.
Severity Status Audit Event
Info Running No

ThreatHuntPartiallySucceeded

Threat hunt ${huntName} partially succeeded with ${objSucceeded}  objects successful, ${objPartiallySucceeded} objects partially  successful, and ${objFailed} objects failing. There were  ${objectMatches} object matches and ${fileMatches} file  matches.
Severity Status Audit Event
Critical Failure No

ThreatHuntStarted

${userEmail} initiated ${huntType} threat hunt: ${huntName}.
Severity Status Audit Event
Info TaskSuccess No

ThreatHuntSucceeded

Threat hunt ${huntName} completed successfully for all the objects.  There were ${objectMatches} object matches and ${fileMatches} file  matches.
Severity Status Audit Event
Info Success No