I am mostly into the offensive side of security, but I have also done Threat Hunting and Blue Team work while working as a Security Research Intern at my current company. This involved configuring Sysmon, attaching it to the Windows Event Logger, and looking for suspicious logs, or running open-source tools like DeepBlueCLI (UEBA-style detection techniques) to perform Threat Hunting via Windows Event Logs.

I have analysed memory images with Volatility, and for small-scale analysis (of a particular process) I have used Moneta/PE-sieve. I have also used RITA for analysing PCAP files (in the form of Zeek logs).

I have also used Velociraptor for collecting host-based state information via Velociraptor Query Language (VQL) queries, which perform PowerShell queries to get juicy artefacts out of the system. Similar to Velociraptor, I have also used another tool, named osqueryi, targeting the Linux environment. I used this mainly while hunting for any artefacts my rootkit left in the kernel or user space.

I made this rootkit, named reveng_rtkit, which was selected to be presented at multiple international conferences.