The Falcon platform includes a dedicated category of built-in dashboards and visualizations known as Hunt reports. These reports are engineered to surface high-confidence behavioral anomalies that do not necessarily trigger a standard malware detection but are statistically or contextually suspicious. They serve as a proactive starting point for analysts and are found under the Reports and References section of the console.
Examples of Hunt reports include dashboards that identify executables running from the Recycle Bin, unusual parent-child process relationships (such as cmd.exe spawned by sqlservr.exe), or suspicious use of dual-use tools like psexec.exe or wmic.exe. Unlike the standard Detection Activity reports, which show what the sensor has already caught, Hunt reports are designed to help the analyst find threats that have not yet been detected. Using these reports is a core part of an advanced Hunting Methodology, allowing a team to move from reactive response to proactive threat discovery. By reviewing them regularly, a hunter can identify low-frequency, high-impact events that may represent an advanced adversary's initial reconnaissance or persistence activity that has stayed below the threshold of an automated alert.
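The three hunt patterns above (Recycle Bin execution, shells spawned by a database server, and dual-use tool usage) can be expressed as simple checks over process-execution events. The following is an added example written for this page; it is not CrowdStrike code and does not reproduce the logic of the actual Hunt dashboards. The field names (aid, ImageFileName, ParentBaseFileName, CommandLine) are an assumption loosely modelled on Falcon ProcessRollup2 events, the sample records are constructed, and the parent-child check is generalised slightly beyond the page's single sqlservr.exe -> cmd.exe case to also flag powershell.exe as a child. The rarity ranking at the end illustrates the "low-frequency, high-impact" idea: a parent-child pair seen once across the fleet is worth a look before one seen everywhere.

```python
"""Hunt-report style checks over constructed process-execution events.

Added example for illustration only; field names assumed, sample data made up.
"""
import ntpath
import re
from collections import Counter

# Constructed sample events (not real telemetry): a benign baseline plus one or
# two hits per hunt. explorer.exe -> cmd.exe is repeated to look "common".
SAMPLE_EVENTS = [
    {"aid": "ws-01", "ImageFileName": r"C:\Windows\System32\notepad.exe",
     "ParentBaseFileName": "explorer.exe", "CommandLine": "notepad.exe"},
    {"aid": "db-01", "ImageFileName": r"C:\Windows\System32\cmd.exe",
     "ParentBaseFileName": "sqlservr.exe",
     "CommandLine": 'cmd.exe /c "whoami /all"'},   # xp_cmdshell-style child
    {"aid": "ws-02",
     "ImageFileName": r"C:\$Recycle.Bin\S-1-5-21-1004336348-1177238915-682003330-1013\update.exe",
     "ParentBaseFileName": "explorer.exe", "CommandLine": "update.exe"},
    {"aid": "ws-03", "ImageFileName": r"C:\Tools\PsExec.exe",
     "ParentBaseFileName": "cmd.exe",
     "CommandLine": r"PsExec.exe \\db-01 -s cmd.exe"},
    {"aid": "ws-03", "ImageFileName": r"C:\Windows\System32\wbem\WMIC.exe",
     "ParentBaseFileName": "cmd.exe",
     "CommandLine": "wmic /node:db-01 process call create calc.exe"},
    {"aid": "ws-01", "ImageFileName": r"C:\Windows\System32\cmd.exe",
     "ParentBaseFileName": "explorer.exe", "CommandLine": "cmd.exe"},
    {"aid": "ws-02", "ImageFileName": r"C:\Windows\System32\cmd.exe",
     "ParentBaseFileName": "explorer.exe", "CommandLine": "cmd.exe"},
    {"aid": "ws-04", "ImageFileName": r"C:\Windows\System32\cmd.exe",
     "ParentBaseFileName": "explorer.exe", "CommandLine": "cmd.exe"},
]

# Matches a path component of the form \$Recycle.Bin\ anywhere in the image path.
RECYCLE_BIN = re.compile(r"\\\$Recycle\.Bin\\", re.IGNORECASE)
# Assumption: parents that should never spawn an interactive shell. The page
# names sqlservr.exe -> cmd.exe; powershell.exe is added as a generalisation.
NO_SHELL_PARENTS = {"sqlservr.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe"}
DUAL_USE = {"psexec.exe", "wmic.exe"}


def basename(path):
    """Lower-cased final component of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def hunt_recycle_bin(event):
    return bool(RECYCLE_BIN.search(event["ImageFileName"]))


def hunt_parent_child(event):
    return (event["ParentBaseFileName"].lower() in NO_SHELL_PARENTS
            and basename(event["ImageFileName"]) in SHELL_CHILDREN)


def hunt_dual_use(event):
    return basename(event["ImageFileName"]) in DUAL_USE


HUNTS = {
    "recycle_bin_execution": hunt_recycle_bin,
    "suspicious_parent_child": hunt_parent_child,
    "dual_use_tool": hunt_dual_use,
}


def run_hunts(events):
    """Apply every hunt to every event; return one finding per (event, hunt) hit."""
    findings = []
    for ev in events:
        for name, check in HUNTS.items():
            if check(ev):
                findings.append({
                    "hunt": name, "aid": ev["aid"],
                    "parent": ev["ParentBaseFileName"].lower(),
                    "image": basename(ev["ImageFileName"]),
                    "cmd": ev["CommandLine"],
                })
    return findings


def count_by_hunt(findings):
    return dict(Counter(f["hunt"] for f in findings))


def rank_by_rarity(events):
    """(parent, child) pairs with their counts, rarest first; ties sort by name."""
    counts = Counter((ev["ParentBaseFileName"].lower(),
                      basename(ev["ImageFileName"])) for ev in events)
    return sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))


if __name__ == "__main__":
    for f in run_hunts(SAMPLE_EVENTS):
        print(f"[{f['hunt']}] {f['aid']}: {f['parent']} -> {f['image']}  {f['cmd']}")
    for pair, n in rank_by_rarity(SAMPLE_EVENTS):
        print(n, "->".join(pair))
```

In practice the same three checks would be written as saved searches against the sensor's process events rather than as Python, but the shape is identical: a path predicate, a parent-child allow/deny pair, and a tool name list, followed by a frequency sort so that the analyst reviews the rare pairs first.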