// Publish a hunt as a case report, escalation, detection promotion, or leadership summary
| name | hunt-publish |
| description | Publish a hunt as a case report, escalation, detection promotion, or leadership summary |
| argument-hint | [target] |
| allowed-tools | Read, Bash, Write, AskUserQuestion |
Creates or updates:
.planning/published/*.md.planning/STATE.mdAfter this command: Route to follow-on hunting, escalation, or detection engineering based on the outcome.
<execution_context> @.github/thrunt-god/workflows/hunt-publish.md </execution_context>
Execute the publishing workflow from @.github/thrunt-god/workflows/hunt-publish.md. Choose the smallest publish format that drives action without overstating confidence.Show available THRUNT threat hunting commands and artifact layout
Map available telemetry, query surfaces, tenants, retention windows, and investigation blind spots
Initialize a threat hunting case from a signal, detection, intel lead, or analyst suspicion
Initialize a threat hunting program with an environment map, tool inventory, huntmap, and empty execution directories
Create phase plans for a threat hunt with exact telemetry tasks, receipts, and query outputs
Execute a hunt phase with parallel telemetry work, query logging, receipt generation, and optional wave targeting