Incident response, Threat intelligence

Threat Hunting Platforms vs. SIEM, What’s the Difference? – Corey Thuen – BH20 #2

What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? This talk covers the high level and low-level tech that drives these differences.

This segment is sponsored by Gravwell.

Visit to learn more about them!

Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit:

Sponsored By

Full episode and show notes


Corey Thuen
Corey Thuen
Co-Founder at Gravwell

Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.


Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
prestitial ad