Leading IT organizations have embraced threat hunting as a way to defend against more sophisticated adversaries. This white paper explains how Cyber Protection Teams (CPTs) can use wire data to automate detection, speed investigations, and improve the granularity and collection of information. The paper includes examples of threat hunting workflows for rapidly investigating file access by user, ransomware infections, Russian DNS queries, and DNS tunneling.