The SOC platform for effective security teams
Hunters SOC Platform enables security teams to scale. By taking on the bulk of the demanding manual work that has tied security teams down, Hunters delivers security results that analysts of any tier can consume to accelerate risk mitigation.
Hunters SOC Platform handles the overwhelming volume of telemetry data, breaks down data silos, and applies encoded threat-hunting detections to drive automated investigation and correlation of the relevant data into a full attack picture, ready for response playbooks.
Automation across the SOC workflow
Unlimited Data Ingestion
Using cloud connectors that tap into existing security tools, or a direct connection to the SIEM, Hunters SOC Platform ingests logs, events and telemetry from dozens of on-premises and cloud data sources.
Hunters SOC Platform extracts both raw data and alerts from existing security data using stream-processing analytics, which enables near-real-time processing and complex analytics. Threat-signal extraction is guided by Hunters' TTP-based detections.
Hunters runs automatic investigations, driven by graph-based correlation, pulling in all information related to the suspicious activity and enriching it with threat intelligence and context.
Once there is enough context around threat signals and alerts, machine-learning algorithms score them dynamically, allowing for prioritization and quick triage. As more data is ingested and analyzed, new insights feed back into the scoring and prioritization.
Correlated Attack Stories
Correlated signals and alerts that are automatically found to belong to the same incident are packaged into a contextual view of an attack story, including critical information such as the affected entities, users and activities, giving SOC analysts a clear understanding of the attack and its impact.
Workflows and SOAR
With Hunters, incident response is accelerated: Attack Stories flow directly into containment and remediation actions through automation with SOAR tools and workflows, reducing the attacker's dwell time.
Key Platform Capabilities
Cloud-scale data model and seamless ingest
APIs and cloud connectors integrate with security data sources, without the need for agents.
Packaged cyber expertise enables ready-to-use detection
Guided by TTP-based attack intel as well as customer-defined detections, Hunters extracts threat signals and alerts from existing security data and automatically maps them onto a MITRE ATT&CK technique across surfaces.
Automatic investigations enriched with context
All key entities involved in an alert, together with their relevant attributes, are mapped and given context to enable a thorough understanding and prioritization.
Full Attack Stories built from graph-powered correlation
An interactive, dynamic graph presents the relationships between signals and attack elements across surfaces. Correlated signals are packaged into Attack Stories that provide a contextual view of an incident.
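The graph-powered correlation into Attack Stories described above, as an added illustration written for this page rather than code from Hunters: each detection signal is tagged with the MITRE ATT&CK technique its rule encodes, signals that share an entity (user, host, IP) are joined into connected components with a union-find over a signal-entity graph, each component becomes a story whose techniques are listed in time order, and stories are scored for triage. The sample signals, entity naming scheme, technique assignments, scoring weights and the max_degree guard are all constructed assumptions for the example, not the product's data model or algorithm.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample signals (not real telemetry). Each is the output of a
# detection rule, already tagged with the ATT&CK technique the rule encodes.
# Entities use a hypothetical "type:value" naming so that a user and a host
# with the same string never collide.
SIGNALS = [
    {"id": "s1", "ts": 100, "technique": "T1110", "entities": {"user:alice", "src_ip:203.0.113.5"}},
    {"id": "s2", "ts": 160, "technique": "T1078", "entities": {"user:alice", "host:ws-17"}},
    {"id": "s3", "ts": 200, "technique": "T1059.001", "entities": {"host:ws-17"}},
    {"id": "s4", "ts": 260, "technique": "T1021.001", "entities": {"host:ws-17", "host:srv-db-2"}},
    {"id": "s5", "ts": 300, "technique": "T1041", "entities": {"host:srv-db-2", "dst_ip:198.51.100.9"}},
    # Unrelated activity on another host: shares no entity, so it stays its own story.
    {"id": "s6", "ts": 120, "technique": "T1059.001", "entities": {"host:ws-42", "user:bob"}},
]

TECHNIQUE_NAMES = {
    "T1110": "Brute Force",
    "T1078": "Valid Accounts",
    "T1059.001": "PowerShell",
    "T1021.001": "Remote Desktop Protocol",
    "T1041": "Exfiltration Over C2 Channel",
}


class UnionFind:
    """Disjoint sets over arbitrary hashable nodes (signals and entities)."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


@dataclass
class AttackStory:
    signals: list      # member signals, chronological
    entities: set      # every entity touched by the story
    techniques: list   # distinct ATT&CK techniques in order of first appearance
    score: int         # triage score (hypothetical weighting)


def correlate(signals, max_degree=None):
    """Group signals into stories: two signals belong together if they share an entity.
    Entities seen in more than max_degree signals (a domain controller, a proxy IP)
    are not used for joining, because such hubs would glue unrelated incidents
    into one giant story; they still appear in the story's entity list."""
    degree = Counter(e for s in signals for e in s["entities"])
    uf = UnionFind()
    for s in signals:
        node = "signal:" + s["id"]
        uf.find(node)  # register the signal even if none of its entities are usable
        for e in s["entities"]:
            if max_degree is not None and degree[e] > max_degree:
                continue
            uf.union(node, e)

    groups = defaultdict(list)
    for s in signals:
        groups[uf.find("signal:" + s["id"])].append(s)

    stories = []
    for members in groups.values():
        members.sort(key=lambda s: s["ts"])
        techniques = []
        for s in members:
            if s["technique"] not in techniques:
                techniques.append(s["technique"])
        entities = set().union(*(s["entities"] for s in members))
        # Hypothetical score: breadth of techniques dominates, entity spread breaks ties.
        score = 10 * len(techniques) + len(entities)
        stories.append(AttackStory(members, entities, techniques, score))
    stories.sort(key=lambda st: st.score, reverse=True)
    return stories


def with_hub(signals, hub):
    """Return a copy of the signals where every one also touches a shared hub entity."""
    return [dict(s, entities=s["entities"] | {hub}) for s in signals]


def story_summary(story):
    chain = " -> ".join(f"{t} {TECHNIQUE_NAMES.get(t, '?')}" for t in story.techniques)
    ids = ",".join(s["id"] for s in story.signals)
    return f"score={story.score} signals=[{ids}] chain: {chain}"


if __name__ == "__main__":
    for st in correlate(SIGNALS):
        print(story_summary(st))
    print("hub, no guard:", len(correlate(with_hub(SIGNALS, "dst_ip:10.0.0.1"))), "story")
    print("hub, max_degree=3:", len(correlate(with_hub(SIGNALS, "dst_ip:10.0.0.1"), max_degree=3)), "stories")
```

On the sample data the five signals on alice and ws-17 chain into a single story (brute force, then a valid-account logon, PowerShell, RDP lateral movement to srv-db-2, and exfiltration), while the PowerShell signal on ws-42 stays separate. The second experiment shows the practical failure mode of naive entity joining: once every signal shares one hub entity (here a proxy address), everything collapses into one story unless high-degree entities are excluded from the join. A production correlator would also bound the join by a time window, which this example deliberately leaves out.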