HUNTER
THE THREAT HUNTING CONTENT PLATFORM
The HUNTER platform gives hunters access to fully customized and validated threat hunting content developed by ‘best of the best’ threat hunters. Continuously updated, fully contextualized, and easily searchable, hunters can quickly identify content that supports objectives and fills gaps in your cybersecurity program.
HUNTER Platform
EMPOWER THREAT HUNTERS WITH SUPERIOR CONTENT
THREAT HUNT & DETECTION PACKAGES
- Choose from hundreds of fully contextualized content packages.
- Each package is developed by some of the top threat hunters in the industry.
- Deploy hunts for the latest threats within days, not weeks or months.
- All packages are current, so your team will never waste time on outdated content.
- Packages are aligned to industry frameworks like MITRE ATT&CK, Cyber Kill Chain, and Diamond Model.
CUSTOMIZED TO YOUR ENVIRONMENT
- Effortlessly customize any package to your unique environment.
- Easily alter matched fields, indexes, and source types to ensure compatibility.
- Deploy packages out-of-the-box, with no major configuration or adjustments needed.
- Hunt outputs are tailored to your environment, so no time is wasted normalizing data.
EMULATION & VALIDATION
- Test each threat non-destructively inside your environment to see how it behaves.
- Each threat hunt and detection package is rigorously vetted and tested before release.
- Identify gaps in log sources and tool visibility for every hunt and detection package
SIGNS THREAT FEED
HUNTER includes a dedicated threat feed that:
- Provides enriched and targeted indicators focused on the top threats and malware.
- Includes contextualized threat actor profiles, including industries and locations they target.
- Uses decay modeling to ensure only relevant and actionable indicators are included.
- Integrates with TIPs and other existing ingestion tools.
- Discards false positives through human analysis and best-in-class machine vetting.
BETTER CONTENT ENABLES MORE EFFECTIVE THREAT HUNTS
WHAT’S IN A THREAT HUNT PACKAGE?
USE CASE & QUERY
• An up-to-the-minute query customized for your security tools (e.g., SIEM, EDR) that goes way beyond IoC monitoring to detect specific threat actor tactics, techniques, and behaviors (TTPs).
CONTEXT & DEPLOYMENT GUIDE
• Full guidance for your threat hunting team that explains any package customizations or configurations needed before deployment.
RUNBOOK & REMEDIATION
• Remediation guidance for analysts to ensure each threat is remediated consistently in line with best practices.
CYBER THREAT EMULATION
REACTIVE TO PROACTIVE
SOLVE THREAT HUNTING CHALLENGES
COMMON CHALLENGES
• Customizing content takes too long
• Slow to address new threats
• Hard to upskill new threat hunters
• Budget constraints
THE HUNTER SOLUTION
• Content customized to your environment
• Hunts available for new threats in 1-2 days
• Follow seasoned threat hunters processes and workflows
• Pay less than the cost of one extra FTE
MORE HUNTS, BETTER RESULTS, LESS TIME
HUNTER MAKES YOUR THREAT HUNTS:
DEPLOY HUNTS FASTER
Threat hunting teams often struggle to build, validate, and deploy hunts quickly. HUNTER provides a constant supply of rigorously vetted threat hunt and detection packages that your team can deploy up to 95% faster than hunts developed in-house.
- Run customized hunts out-of-the-box with minimal (if any) changes.
- Quickly validate content and emulate threats with ready-made tools and guidance.
- Deploy hunts for brand new threats in days, not weeks.
RUN MORE HUNTS
Most hunting teams run a few hunts per month because they take time to build and validate. HUNTER provides a library of ready-to-go packages that your team can validate and deploy in a fraction of the time. That means more hunts with less effort—and no additional FTEs.
- Increase hunt output by 5X (or even more).
- Dramatically improve the mean time to deployment (MTTDp).
- Increase the number and speed of hunts without sacrificing quality.
GUIDE YOUR THREAT HUNTING
A common challenge for threat hunters is knowing which hunts to develop first. HUNTER packages are based on current TTPs, high-fidelity CTI, and adversary behaviors, allowing threat hunters to select hunts based on the threats currently focused on your industry or location.
- Reduce cyber risk by focusing hunts on the most pressing threats.
- Avoid wasting time on hunts that aren’t likely to yield results.
- New threat hunters can analyze expert-developed packages to guide future hunts.
REMEDIATE THREATS CONSISTENTLY
Remediation is a crucial part of threat hunting but isn’t always approached consistently. Often, analysts simply reimage infected assets, running the risk that a threat has spread to other assets. HUNTER packages include best practice guidance to fully remediate every threat.
- Guide incident responders to ensure effective, consistent remediation.
- Uncover the full extent of threats, rather than focusing exclusively on one asset.
- Dramatically reduce cyber risk posed by unidentified threats.
Compatability
