Best Practices in Threat Hunting: Optimizing the Anomalous Activity Search