This document discusses how application performance monitoring (APM) data from the Elastic Stack can be used for threat hunting. It describes how APM data can be combined with machine learning and security information and event management (SIEM) to more easily detect anomalies, pinpoint potential security threats, and reduce mean time to resolution for issues. The document provides examples of how APM metadata can be applied as filters across different Elastic solutions to focus analysis and identifies specific attack models and techniques that can be applied in APM-driven threat hunting rules.