Unstructured threat hunts tend to be free-flowing ad hoc affairs that are primarily data-driven from internal log sources. Hunters dig through logs opportunistically and leverage simple data manipulation techniques like searching with pivot tables or other methods by analysts, and it often relies primarily on investigative methodologies such as the principle of least seen in order to pick out anomalies in the data.
