What is Threat Hunting?

Threat hunting involves actively looking for traces of cyber attacks (past and present) in an IT environment. Cyber threat hunters are security professionals who proactively and iteratively detect and act on advanced attack traces before any alerts are generated by security controls.

Threat Hunting with Hunters SOC Platform

Detection engine
Always up-to-date threat detection

Hunters’ Detection Engine covers the approximately 80% of threat signals that are common to most organizations, leaving threat hunters to focus on the 20% that are unique to their organization. Write custom detection rules with no need for SQL, and map them to relevant MITRE ATT&CK Tactics, Techniques and Procedures (TTPs).

Security Analytics / XDR
Combine threat hunting needs into a single pane of glass

Eliminate the pain of context switching by detecting signals across the entire security environment in one interface. Investigate them easily using the platform’s intuitive search capabilities, with no manual rule-writing required.

ML-based scoring and investigation

Threat triage has never been easier, with Hunters’ risk scoring and investigation mechanism powered by machine learning. Our graph-based correlation engine uses lower-fidelity threat signals to contextualize an attack that would be missed by looking at alerts individually.

Intuitive Attack Story reports

Once a potential incident is detected from a group of correlated signals and alerts, the Hunters platform automatically packages them into a human-readable attack story. Stories provide analysts with a clear understanding of the attack and its impact, accelerating the response workflow.

Implementing an effective threat hunting workflow

Choose a hunting domain

Hunters SOC Platform’s seamless ingestion of raw data and signals from any telemetry source gives threat hunters easy access to all relevant data from the Hunters portal: endpoint, cloud, network, email, identity, and more.

Create a list of signals

Hunters centralizes all threat signals and alerts generated both by security products and by Hunters’ own detection engine. Signals and alerts are grouped by detection type and listed with their relevant scores and associated context.

Pick signals to investigate further

Use the Hunters platform to run drilldowns on relevant signals as needed. Additionally, use the ‘Entity Search’ feature to look for any entity in the environment and understand its associated leads.

Escalate alerts for remediation

Once each investigation has concluded, threat hunters can decide whether or not to escalate the threat signal or alert and promote it to an incident for response and remediation.
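As an added illustration of the correlation idea described under "ML-based scoring and investigation" and "Intuitive Attack Story reports", and of the workflow steps above, the following Python groups signals that share an entity into a story, aggregates their scores, and applies an escalation threshold. This is example code, not Hunters' own implementation; the signal names, scores, tactic labels and the scoring formula are constructed assumptions, since the page does not describe the platform's internal scoring.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Signal:
    id: str
    detection_type: str   # grouping key, as in the "list of signals" step
    entities: tuple       # hosts / users the signal touches (hypothetical)
    score: float          # per-signal risk score in 0..1 (constructed)
    tactic: str           # MITRE ATT&CK tactic the signal is mapped to

# Constructed sample signals: each is low-fidelity on its own.
SIGNALS = [
    Signal("s1", "suspicious_powershell", ("host-a", "user-bob"), 0.30, "Execution"),
    Signal("s2", "new_local_admin", ("host-a",), 0.25, "Persistence"),
    Signal("s3", "rdp_lateral_logon", ("host-a", "host-b", "user-bob"), 0.35, "Lateral Movement"),
    Signal("s4", "rare_dns_domain", ("host-c",), 0.20, "Command and Control"),
]

def build_stories(signals):
    """Link signals that share an entity; each connected component is one story."""
    by_entity = defaultdict(list)
    for s in signals:
        for e in s.entities:
            by_entity[e].append(s)
    seen, stories = set(), []
    for start in signals:
        if start.id in seen:
            continue
        stack, story = [start], []
        while stack:                      # depth-first walk over shared entities
            cur = stack.pop()
            if cur.id in seen:
                continue
            seen.add(cur.id)
            story.append(cur)
            for e in cur.entities:
                stack.extend(by_entity[e])
        stories.append(story)
    return stories

def story_score(story):
    """Combine scores as 1 - prod(1 - p); extra distinct tactics add 10% each (assumed formula)."""
    miss = 1.0
    for s in story:
        miss *= (1 - s.score)
    tactics = {s.tactic for s in story}
    return min(1.0, (1 - miss) * (1 + 0.1 * (len(tactics) - 1)))

def escalate(signals, threshold=0.6):
    """Return (sorted signal ids, score) for stories that cross the escalation threshold."""
    return [(sorted(s.id for s in st), round(story_score(st), 2))
            for st in build_stories(signals) if story_score(st) >= threshold]
```

Three individually weak signals on host-a and user-bob become one story scoring well above the threshold, while the isolated DNS signal stays below it.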