
Find, Understand and Act on Real Incidents

Seamless, Flexible Ingestion

Using cloud connectors to pipe data into existing security tools, or by connecting directly to a SIEM, Hunters XDR collects logs, events and telemetry from dozens of data sources on premises and in the cloud, including EDRs, NDRs, cloud service providers, firewalls, Identity and Access Management tools, and more.
Detection Engine

Hunters XDR extracts threat signals and alerts from petabytes of existing security data using stream-processing analytics technology, which enables near real-time processing and complex analytics. Threat signal extraction is guided by Hunters’ TTP-based attack intelligence, and each signal is also mapped to a MITRE ATT&CK technique.
Investigation, Scoring and Prioritization

To contextualize threat signals, Hunters XDR performs autonomous investigations: it automatically extracts the features and entities involved in a specific suspicious activity and uses ML to score them from 0 to 100, enabling easy prioritization and quick triage.
Cross-Surface Correlation

Hunters uses unsupervised learning to correlate signals and alerts across disparate areas of suspicious activity in the Graph (e.g., a suspected phishing email followed by malware downloads observed on the gateway and the EDR), and surfaces actionable Attack Stories.
Actionable Insights, Response and Remediation

Hunters’ Attack Stories include a full attack summary and outline, with details such as context, path, target and potential impact. Attack Stories are pushed to customers as high-confidence findings that can be escalated through existing workflows such as SOAR and ticketing systems.

Use Cases

01 Create an account on Hunters’ open XDR platform

02 Connect your stack with a few simple clicks

03 Gain access to Hunters’ Knowledge Graph to:

USE CASE 1: Triage Automation
Use Hunters' scoring and prioritization to reduce detection and triage time.

USE CASE 2: Incident Response
Expedite incident response by uncovering the root cause, and gain unprecedented risk awareness and insight into multi-surface incidents.

USE CASE 3: Threat Hunting
Improve sophisticated threat hunts by leveraging Hunters' detection of weak threat signals that bypass siloed organizational defenses.

Optional managed Threat Hunting and IR services


Competitive Comparison

| Category | Capability | SIEM | Single-Vendor / Closed XDR | Hunters Open XDR |
|---|---|---|---|---|
| | Cloud based and scalable | No | Yes | Yes |
| Ingestion | Data sources support | Limited analysis support for a variety of data sources | Good analysis support for a vendor-limited product group | Deep analysis across 7 best-of-breed product categories, APIs and static tables |
| Ingestion | Data sources ingestion | Hard; requires extensive implementation | Easy | Easy; a few clicks via a SaaS |
| Ingestion | Out-of-the-box detectors and alerts | No. Limited to a set of generic use cases; requires extensive implementation | No. Limited to vendor stack | Yes. Out-of-the-box detectors; no implementation or tuning needed |
| Detection | Detector updates | No. Requires daily effort from engineering and SOC analysts | Yes | Yes. Detectors continuously updated and added according to the latest attacks and threat analysis |
| Detection | Attack surface coverage | Limited coverage, minimal cloud coverage | Extended coverage, vendor-limited | Coverage of multiple attack surfaces: enterprise network, cloud environments, endpoint, SaaS, and more |
| Investigation | Automatic investigation | No. Manual | Yes. Limited to vendor-specific products | Yes. Out-of-the-box enrichments and investigation playbooks |
| Investigation | Scoring of threat signals | No. Manual daily triage of hundreds of alerts and false positives | Yes | Yes. ML-based scoring points to the interesting threat signals |
| Correlation | Threat signals correlation | No. Log correlation only; limited because different logs use different semantics | Partial | Yes. Recursively extracts entities and correlates them on a graph to find highly suspicious attack stories |
| Correlation | Weak signals coverage | Included with no context | Not necessarily included | Included and contextualized |
| Correlation | Alerting | Many alerts and false positives | Fewer alerts | No singular alerts; highly correlated findings |
| Packaging | High fidelity incidents | Not included | Not included | Included |
| Packaging | Cost | Based on data volumes. Requires hiring | Based on storage. Premium pricing from existing products | Fixed charge. Does not require hiring |


FAQs

What is required to deploy Hunters XDR?

Deployment is simple and swift; no agents are required. The solution is cloud-based and connects to your existing environment.

Do I have to own a data lake to use Hunters XDR?

Not necessarily, but it is recommended. You can either bring your own, or utilize Hunters’ integration with Snowflake.

Does the solution detect attacks in real time?

Hunters XDR detects attacks as they happen and provides near real-time findings from the very early stages of an attack operation.

Is Hunters XDR a replacement for SIEM?

Yes, Hunters XDR can augment or replace your SIEM.

  • Hunters is focused on proactive detection, picking up weak, overlooked signals
  • Hunters is a machine-led solution, while SIEM requires many human resources
  • SIEM solutions create many alerts and few findings; Hunters is focused on high-confidence findings
  • Hunters connects to and ingests raw big data, proactively looking for attack TTPs
  • Hunters interconnects sparse organizational data sources and security telemetry
  • Combining Hunters with your security data lake can lead to better results than SIEM alone

How is Hunters different from other XDRs in the market?

Hunters differentiates itself from other XDR platforms by being truly vendor-agnostic, fitting any customer stack. This is powered by a unique data processing pipeline that allows for seamless ingestion and advanced, automatic security analytics.

Hunters open XDR is a purpose-built security operations decision support system that transforms a SOC’s threat detection, investigation and response program.

Can I connect Hunters XDR to Incident Response tools?

Yes, you can. Hunters XDR will deliver its attack findings into SOAR or ticketing systems.

What security products and organizational tools does Hunters XDR integrate with?

Hunters’ integrations span dozens of security tools (EDR, NDR, Identity and Access Management, Secure Web Gateways, etc.) from a wide variety of security vendors, as well as data platforms, threat intelligence feeds, SIEM and SOAR.

For the full list of integrations please visit our Integrations page.

Want to learn more? Get a custom demo
