LimaCharlie Historical Threat Hunting enables security professionals to execute detection and response (D&R) rules against historical endpoint telemetry data. The tool allows organizations to retroactively search for threats by running detection logic over up to one year of stored telemetry data. When new zero-day vulnerabilities or indicators of compromise become known, security teams can test for these threats across their historical data to determine if systems were previously compromised. The capability supports testing new detection rules against historical traffic to identify how many times a rule would have triggered, which helps refine detection logic and reduce false positives. The tool supports a continuous integration/continuous development (CI/CD) approach for security operations. When detection rules are modified through change control processes, teams can validate changes by running updated rules against known historical data to confirm expected behavior. This functionality provides a testing mechanism similar to unit tests for detection logic, supporting the concept of "Detectors as Code." The historical threat hunting capability operates on endpoint telemetry collected by the LimaCharlie platform and stored for retrospective analysis.