In August 2020, members of the Elastic Security team hosted a virtual threat hunting capture the flag (CTF) event at BSides SATX, providing an opportunity for participants to practice threat hunting using Elastic's free and open technologies. The event involved using version 7.8 of the Elastic Stack to sift through 11 million events in search of malicious behavior, simulating a common scenario in which a business partner's network had been compromised by ransomware. Participants were tasked with forming hypotheses and searching for suspicious activity without preset security alerts, using Kibana for visualization and query execution. The CTF environment was configured with Windows Server and Windows 10 endpoints, with Winlogbeat and Packetbeat collecting Windows event log and network data from them. By engaging in this exercise, participants learned to navigate Elastic's data schemas and sharpen their threat detection abilities. The event highlighted Elastic's broader philosophy of security, emphasizing the importance of reliable data and technology-aided processes for effective threat hunting and security operations.