What is Threat Hunting?
Threat hunting involves actively looking for traces of cyber attacks (past and present) in an IT environment. Cyber threat hunters are security professionals who proactively and iteratively detect and act on advanced attack traces before any alerts are generated by security controls.
Threat Hunting with Hunters SOC Platform
Always up-to-date threat detection
Hunters’ Detection Engine covers the approximately 80% of threat signals that are common to most organizations, leaving threat hunters to focus on the 20% that are unique to their organization. Write custom detection rules with no need for SQL, and map them to relevant MITRE ATT&CK Tactics, Techniques and Procedures (TTPs).
Combine threat hunting needs into a single pane of glass
Eliminate the pain of context switching by detecting signals across the entire security environment in one interface. Easily investigate them using the platform’s intuitive search capabilities - no manual rule-writing required.
ML-based scoring and investigation
Threat triage has never been easier, with Hunters’ risk scoring and investigation mechanism powered by machine learning. Our graph-based correlation engine lets lower-fidelity threat signals contextualize an attack that would be missed if each alert were examined on its own.
Intuitive Attack Story reports
Once a potential incident is detected from a group of correlated signals and alerts, the Hunters platform automatically packages them into a human-readable attack story. Stories provide analysts with a clear understanding of the attack and its impact, accelerating the response workflow.
Implementing an effective threat hunting workflow
Choose a hunting domain
Hunters SOC Platform’s seamless ingestion of raw data and signals from any telemetry source gives threat hunters easy access to all relevant data from the Hunters portal: endpoint, cloud, network, email, identity, and more.
Create a list of signals
Hunters centralizes all threat signals and alerts generated both by security products and by Hunters’ own detection engine. Signals and alerts are grouped by detection type and listed with their relevant scores and associated context.
Pick signals to investigate further
Use the Hunters platform to run drilldowns on relevant signals as needed. Additionally, use the ‘Entity Search’ feature to look for any entity in the environment and understand its associated leads.
Escalate alerts for remediation
Once each investigation has concluded, threat hunters can decide whether or not to escalate the threat signal or alert and promote it to an incident for response and remediation.
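To make the correlation idea concrete (lower-fidelity signals linked through shared entities into one scored story, which is then escalated as in the last workflow step), here is an added Python example. It is not Hunters’ code: the sample signals, the entity-graph grouping and the noisy-OR score combination are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample signals (not real telemetry). Each carries an individual
# 0-100 score and the entities it touches; none alone reaches the threshold.
SIGNALS = [
    {"id": "s1", "type": "suspicious_powershell", "score": 30, "entities": {"host:ws-12", "user:alice"}},
    {"id": "s2", "type": "new_scheduled_task", "score": 20, "entities": {"host:ws-12"}},
    {"id": "s3", "type": "impossible_travel_login", "score": 40, "entities": {"user:alice", "ip:203.0.113.9"}},
    {"id": "s4", "type": "port_scan", "score": 15, "entities": {"host:srv-db-1"}},
    {"id": "s5", "type": "edr_malware_alert", "score": 60, "entities": {"host:ws-12"}},
]

def build_entity_index(signals):
    """Bipartite graph signal <-> entity, stored as entity -> set of signal ids."""
    index = defaultdict(set)
    for s in signals:
        for e in s["entities"]:
            index[e].add(s["id"])
    return index

def combine_scores(scores):
    """Noisy-OR: treat each score as an independent probability (assumed model)."""
    p_none = 1.0
    for sc in scores:
        p_none *= 1.0 - sc / 100.0
    return round((1.0 - p_none) * 100)

def correlate(signals):
    """Group signals into attack stories: connected components over shared entities."""
    by_id = {s["id"]: s for s in signals}
    index = build_entity_index(signals)
    seen, stories = set(), []
    for s in signals:
        if s["id"] in seen:
            continue
        stack, component = [s["id"]], set()
        while stack:                       # depth-first walk across shared entities
            sid = stack.pop()
            if sid in component:
                continue
            component.add(sid)
            for e in by_id[sid]["entities"]:
                stack.extend(index[e] - component)
        seen |= component
        members = [by_id[i] for i in sorted(component)]
        stories.append({
            "signals": [m["id"] for m in members],
            "entities": sorted(set().union(*(m["entities"] for m in members))),
            "score": combine_scores(m["score"] for m in members),
        })
    return stories

def escalate(stories, threshold=70):
    """Promote only stories whose combined score crosses the (assumed) incident threshold."""
    return [st for st in stories if st["score"] >= threshold]
```

Running `escalate(correlate(SIGNALS))` promotes the ws-12/alice story even though its strongest single signal (60) is below the threshold, while the isolated port scan stays a low-priority lead.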