Whether you are performing Threat Hunting across your most recent dataset or your long-term historical datasets, an important dimension of your data is how it is enriched and contextualized.
Contextual data provides the Threat Hunter (“hunter”) with additional data points and a more complete picture of the activity, allowing them to make more informed decisions about whether the activity should be investigated further or disregarded.
Article Link: Enriching Raw Telemetry with the Cybereason Historical Data Lake