Monitoring a threat hunt in progress
At this stage, the definitions of the Threat Hunt are pushed down from the Rubrik control plane, down to the CDM cluster. The Rubrik control plane has no access to the data in the backups, and so the scan is executed on the appliance on-premises (or in the cloud, if using Cloud Cluster).
You can monitor the progress of the threat hunt in the Events tab in Data Protection.
From the app-tray in the top-right of the interface, launch Data Protection
Click on the Events tab and then to Events Logs
In the filter field, Select "Rubrik-Demo1" (A) from the Clusters section and select Threat Hunt (B) from the Event Type section.
It may take a minute or two for the hunt details (C) to appear, as they are first composed on Rubrik, then pushed down to the cluster for execution

After a few minutes (dependent on the parameters that you specified for the hunt), you should see the hunt move to Completed status. You can then move back to the Threat Hunt interface to explore the findings of the hunt.