qoside hunting

Proactively hunt for unexpected activity

(a.k.a. spotting the camouflage)

When you’re looking for attackers and the alarms didn’t go off, it can be difficult to know where to start. In addition to your MDR, you need a multi-layered security approach. With Expel Hunting, we pull data from your security tech, detect attacker activity, fill in your blind spots and tell you how to prevent them.

What you get:

  • Threat hunts performed by experienced analyst
  • Hunt techniques aligned to your unique risks
  • Clear guidance on what to improve
  • Hunting with the tools you’ve already invested in

Why hunting is more than looking for threats

Join Expel’s Matt Peters, Chief Product Officer, and Bryan Geraldo, Senior Detection and Response Engineer, to learn what we mean when we say hunting.

What we do



We pick the hunt technique best suited to your unique risks, your security tech and activity we’ve observed in your environment.


Our bots do the tedious work of collecting and enriching data, while our analysts use human judgement to dig into outliers and investigate.


We provide details of each hunting technique along with the data we collect, analyst insights and the final results of the hunt.

How it works

Every month, we pull data we’ve been collecting from your tech and create a hypothesis to determine the hunt. Bots then take on actions that can be automated (think data gathering and clustering) so our analysts can focus on things only a human can track.

Our analysts apply their expertise to investigate things that flew under the radar. We tell you when we find a threat and also share notable activity that looks “abnormal” (like activities a software performed that you and your team didn’t know about … not bad, but strange). And we provide a step-by-step guide on how to investigate.

What we look for

(The hunt is on)

Our techniques map to the MITRE ATT&CK framework with each hunt looking for tactics attackers use during specific stages of the attack lifecycle. We create a hypothesis and then look for activity where you would’ve expected alerts to be generated. The results also help fill gaps in your detection strategy.

Unwanted users
blending in
API calls that are truly
IP Address activity to
help spot abnormalities
Misconfigured tools that
could be costing you
User activity to help
highlight best practices
Odd configurations
within your

Hunting techniques tailored to your tech

We’re constantly adding to our library of hunting techniques based on the most recent threat activity we see among our clients. Here’s a list of techniques to give you a sense of the things we look for.

Ready to talk to a human?

When you tell us you’re ready, we won’t waste your time. Let us know what you’re looking for and we’ll have someone get in touch who can talk tech.

First Name
Field is required!
Field is required!
Email Address
Field is required!
Field is required!
Job Title
Field is required!
Field is required!
Last Name
Field is required!
Field is required!
Phone Number
Field is required!
Field is required!
Company Name
Field is required!
Field is required!
  • - select a country -
  • Afghanistan
  • Albania
  • Algeria
  • Andorra
  • Angola
  • Antigua and Barbuda
  • Argentina
  • Armenia
  • Australia
  • Austria
  • Azerbaijan
  • Bahamas
  • Bahrain
  • Bangladesh
  • Barbados
  • Belarus
  • Belgium
  • Belize
  • Benin
  • Bhutan
  • Bolivia (Plurinational State of)
  • Bosnia and Herzegovina
  • Botswana
  • Brazil
  • Brunei Darussalam
  • Bulgaria
  • Burkina Faso
  • Burundi
  • Cabo Verde
  • Cambodia
  • Cameroon
  • Canada
  • Central African Republic
  • Chad
  • Chile
  • China
  • Colombia
  • Comoros
  • Congo
  • Cook Islands
  • Costa Rica
  • Croatia
  • Cuba
  • Cyprus
  • Czechia
  • Côte d\\\\\\\'Ivoire
  • Democratic People\\\\\\\'s Republic of Korea
  • Democratic Republic of the Congo
  • Denmark
  • Djibouti
  • Dominica
  • Dominican Republic
  • Ecuador
  • Egypt
  • El Salvador
  • Equatorial Guinea
  • Eritrea
  • Estonia
  • Eswatini
  • Ethiopia
  • Faroe Islands
  • Fiji
  • Finland
  • France
  • Gabon
  • Gambia
  • Georgia
  • Germany
  • Ghana
  • Greece
  • Grenada
  • Guatemala
  • Guinea
  • Guinea-Bissau
  • Guyana
  • Haiti
  • Honduras
  • Hungary
  • Iceland
  • India
  • Indonesia
  • Iran (Islamic Republic of)
  • Iraq
  • Ireland
  • Israel
  • Italy
  • Jamaica
  • Japan
  • Jordan
  • Kazakhstan
  • Kenya
  • Kiribati
  • Kuwait
  • Kyrgyzstan
  • Lao People\\\\\\\'s Democratic Republic
  • Latvia
  • Lebanon
  • Lesotho
  • Liberia
  • Libya
  • Lithuania
  • Luxembourg
  • Madagascar
  • Malawi
  • Malaysia
  • Maldives
  • Mali
  • Malta
  • Marshall Islands
  • Mauritania
  • Mauritius
  • Mexico
  • Micronesia (Federated States of)
  • Monaco
  • Mongolia
  • Montenegro
  • Morocco
  • Mozambique
  • Myanmar
  • Namibia
  • Nauru
  • Nepal
  • Netherlands
  • New Zealand
  • Nicaragua
  • Niger
  • Nigeria
  • Niue
  • North Macedonia
  • Norway
  • Oman
  • Pakistan
  • Palau
  • Panama
  • Papua New Guinea
  • Paraguay
  • Peru
  • Philippines
  • Poland
  • Portugal
  • Qatar
  • Republic of Korea
  • Republic of Moldova
  • Romania
  • Russian Federation
  • Rwanda
  • Saint Kitts and Nevis
  • Saint Lucia
  • Saint Vincent and the Grenadines
  • Samoa
  • San Marino
  • Sao Tome and Principe
  • Saudi Arabia
  • Senegal
  • Serbia
  • Seychelles
  • Sierra Leone
  • Singapore
  • Slovakia
  • Slovenia
  • Solomon Islands
  • Somalia
  • South Africa
  • South Sudan
  • Spain
  • Sri Lanka
  • Sudan
  • Suriname
  • Sweden
  • Switzerland
  • Syrian Arab Republic
  • Tajikistan
  • Thailand
  • Timor-Leste
  • Togo
  • Tokelau
  • Tonga
  • Trinidad and Tobago
  • Tunisia
  • Turkey
  • Turkmenistan
  • Tuvalu
  • Uganda
  • Ukraine
  • United Arab Emirates
  • United Kingdom of Great Britain and Northern Ireland
  • United Republic of Tanzania
  • United States of America
  • Uruguay
  • Uzbekistan
  • Vanuatu
  • Venezuela (Bolivarian Republic of)
  • Viet Nam
  • Yemen
  • Zambia
  • Zimbabwe
- select a country -
Field is required!
Field is required!
Field is required!
Field is required!