A Cyber Threat Hunting and Intelligence System for Smart Grid: The fast adoption of smart devices and integration with cloud computing and other classic IT networks has significantly increased the number and sophistication of attacks applicable to smart grids. The sheer volume, veracity, and velocity of data exchange in smart grid networks render traditional manual and human-oriented cybersecurity defense techniques impractical and ineffective. In this project, the Cyber Science Lab at the University of Guelph builds an integrated OT (operational technology) – IT (information technology) machine learning-based cyber threat hunting, intelligence, and attack prediction systems for smart grids. The system is capable of identifying characteristics of a threat hunting task in smart grid, to specify events of interest and to create a practical format for Indications of Compromise (IoCs) and Indications of Attacks (IoAs) in smart grids. The system contains an ML-stack with agents that can share their learning space for optimal real-time threat hunting over sizable data with different formats. The threat intelligence system is capable of creating, sharing and consuming threat feeds that contain observables from various combinations of measurements through advanced metering infrastructure (AMI), states, and control actions (i.e. voltage, frequency, etc.).