Threat Hunting in the Age of AI: From Manual Queries to AI-Augmented Detection
Room: Workshop | Time: 13:20 | Level: 200 - Intermediate
Threat hunting has traditionally required deep familiarity with query languages, log structures, and attacker behavior — a high bar that slows down even experienced engineers. In this hands-on workshop, we’ll explore what threat hunting actually looks like in practice using Panther, a modern SIEM platform, first without AI, then with it.
We’ll start by building detections and hunting for threats the manual way: writing PantherFlow and Python-based detection rules, querying structured log data, and reasoning through attacker patterns from first principles. Then we’ll layer in AI — showing how it accelerates query writing, explains unfamiliar log sources, and surfaces anomalies that would otherwise require significant domain expertise to catch.
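As an added illustration of the "manual way" (this is example code, not material from the workshop or from Panther itself), here is a Python detection rule in the shape Panther rules take, run over a few constructed CloudTrail-style events. It assumes Panther's contract of a rule(event) function that returns True on a match and a title(event) function for the alert title; the field names follow the CloudTrail ConsoleLogin record, and the events are plain dicts so the file runs stand-alone.

```python
# Added example: Panther-style Python detection rule over constructed CloudTrail-shaped
# events. Assumes the rule(event) -> bool and title(event) -> str convention; events are
# plain dicts here so that this runs without the Panther runtime.
from typing import Any, Dict, List

def _deep_get(event: Dict[str, Any], *keys: str, default: Any = None) -> Any:
    """Walk nested keys safely, returning default if any level is missing."""
    cur: Any = event
    for key in keys:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur

def rule(event: Dict[str, Any]) -> bool:
    """Match a successful AWS console login that did not use MFA."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    if _deep_get(event, "responseElements", "ConsoleLogin") != "Success":
        return False
    # MFAUsed is "Yes" or "No" in CloudTrail; a missing field is treated as not used.
    return _deep_get(event, "additionalEventData", "MFAUsed", default="No") != "Yes"

def title(event: Dict[str, Any]) -> str:
    """Alert title; only evaluated for events where rule() returned True."""
    user = _deep_get(event, "userIdentity", "arn", default="<unknown>")
    return f"Console login without MFA for {user} from {event.get('sourceIPAddress')}"

def hunt(events: List[Dict[str, Any]]) -> List[str]:
    """Apply the rule to a batch of events and return one title per match."""
    return [title(e) for e in events if rule(e)]

# Constructed sample events (placeholder account id and documentation-range IPs, not real telemetry).
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.8",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/carol"},
     "responseElements": {"ConsoleLogin": "Failure"}},
]
```

Running hunt(SAMPLE_EVENTS) flags only the second event; the first used MFA and the third never succeeded.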
By the end of the session, attendees will have a grounded, practical understanding of where AI genuinely augments security workflows, where it still falls short, and how to think critically about integrating it into real detection engineering pipelines.
Takeaways
- Hands-on experience with threat hunting in a real SIEM environment
- A clear before/after picture of AI’s impact on detection workflows
