HUNT-AI

HUNT-AI — Threat Hunting Artificial Intelligence

HUNT-AI is a threat hunting platform designed to help analysts structure, track, and execute investigations more effectively. The project focuses on operationalizing threat hunting by combining runbooks, analyst notes, detection logic, and adversary frameworks into a single, centralized interface. Rather than replacing analyst judgment, HUNT-AI is built to augment it by providing structure, context, and visibility.

At its core, HUNT-AI serves as an electronic analyst notebook paired with a guided hunting workflow. Analysts can document hypotheses, track findings, and align investigative steps with known adversary behaviors. The platform integrates MITRE ATT&CK (v17.0), mapping over 680 techniques to support adversary-centric hunting and improve coverage awareness across environments.

HUNT-AI also emphasizes practical detection engineering by surfacing SIEM detection queries that help analysts quickly identify suspicious or malicious activity. These queries are designed to support real-world hunting scenarios rather than static alerting, encouraging iterative refinement and hypothesis-driven analysis. Tip notifications provide contextual guidance throughout the hunt process to assist analysts in making informed decisions.

The platform is deployed using Docker Compose and supports multiple operating systems, making it accessible for both individual researchers and team environments. By combining structure, documentation, and detection logic, HUNT-AI aims to reduce cognitive load while improving consistency and repeatability in threat hunting operations.