What is Open XDR?

Open XDR — Extended Detection and Response — is an emerging set of technologies aimed to collect and automatically correlate data from multiple security and IT sources, unifying them into a single threat detection, investigation, and response platform.

Holistic approach to data and security analytics:
  • Cloud-native, designed to see and extract attack activity across mixed/hybrid environments from all domains (endpoint, network, identity, cloud), with limitless data scale 
  • Retains the data over time, ensuring sufficient coverage for incident investigation and forensics, and accelerating response measures
  • Turn-key solution offering seamless deployment, low maintenance, and out-of-the-box always up to date detection capabilities
  • Packaged threat hunting-level expertise and automated incident investigation
Attack Surface Incidents Orange

How it Works

Open, Seamless Data Ingestion

Using cloud connectors to pipe into existing security tools, or directly connecting to SIEM, Hunters XDR ingests logs, events and telemetry from dozens of data sources on-premises and in the cloud.

Detection Engine

Hunters XDR extracts both raw data and alerts from existing security data using a stream processing analytics technology which enables near real-time processing and complex analytics. Threat signal extraction is guided by Hunters’ TTP-based detections.

Automatic Investigation

In order to accelerate analyst understanding of threat signals and alerts, Hunters runs automatic investigations. It fetches all relevant information associated with those, and automatically enriches them with further context.

Dynamic Prioritization

Once there is enough context around threat signals and alerts, Hunters XDR leverages ML to dynamically score them from 0 to 100, allowing for an easy prioritization and quick triage. As more data is ingested, prioritization continues to update as insights evolve too.

Correlated Attack Stories

Hunters XDR uses unsupervised machine learning to correlate signals and alerts across disparate areas of suspicious activity in an interactive graph, and surfaces actionable Attack Stories which include full attack summary and outline.

Workflows and SOAR

With Hunters XDR, detection and response can be streamlined by escalating Attack Stories into SOAR tools and other existing workflows, enabling response automation and reducing attackers’ dwell time.

Key Platform Capabilities

Open Data Model and Flexible Ingest (Cloud-Scale)

APIs and cloud connectors integrate with security data sources, without the need for agents.


Packaged cyber expertise enables ready-to-use detection

Guided by TTP-based attack intel as well as customer-defined detections, Hunters XDR extracts threat signals and alerts from existing security data and automatically maps them onto a MITRE ATT&CK technique across surfaces.


Automatic Investigations Enriched with Context

Mapping of all key entities involved in an alert and all of its relevant associated attributes, and providing context to enable a thorough understanding and prioritization.

Full Attack Stories Built from Graph-Powered Correlation of Signals
A dynamic Graph presents interactive signal relationships of attack elements across surfaces. Correlated signals are packaged into Attack Stories providing a contextual view of an incident.

XDR as a SIEM Replacement


Open XDR is becoming the modern alternative to SIEM, addressing fundamental gaps in data scalability, threat detection, and incident response. A purpose-built, turn-key XDR platform is better designed to fulfill the needs of the modern SOC: 

  • Leverage data from all data sources, without compromising on retention and usability at a predictable, more affordable cost
  • Offload data engineering tasks, with built-in ETL, data normalization, and automatic cross-correlation
  • Stop tasking analysts with tool configurations, endless rule-writing, and maintenance
  • Automate detection and event prioritization with a built-in detection engine mapped to the MITRE ATT&CK framework 
  • Employ auto-investigation capabilities to simplify the most challenging part of the operation and accelerate MTTR



Hunters XDR Datasheet

Learn more about Hunters' open Extended Detection and Response solution

Webinar Replay

Watch the webinar replay "Open XDR in the Modern SOC"

Demo of Hunters XDR

Watch a demo preview or get a personalized one to see Hunters XDR in action


What is required to deploy Hunters XDR?

Deployment is simple and swift, no agents required. The solution is cloud-based and connects with your existing environment.

Do I have to own a data lake to use Hunters XDR?

Not necessarily, but it is recommended. You can either bring your own, or utilize Hunters’ integration with Snowflake.

Does the solution detect attacks in real time?

Hunters XDR detects attacks as they happen, and provides near real time findings from the very early stages of an attack operation.

Is Hunters XDR a replacement for SIEM?

Yes, Hunters XDR can augment or replace your SIEM.

  • Hunters is focused on proactive detection; picking up weak, overlooked signals
  • Hunters is a machine-led  solution, while SIEM requires many human resources 
  • SIEM solutions create many alerts and little findings, Hunters is focused on high confidence findings
  • Hunters connects and ingests raw, big data, proactively looking for attack TTPs
  • Hunters interconnects sparse organizational data sources and security telemetry
  • Combining Hunters with your security data lake can lead to better results than SIEM alone

You can learn more about it here: SIEM Replacement with Hunters XDR

How is Hunters different from other XDRs in the market?

Hunters open XDR is a purpose-built security operations decision support system that transforms a SOC’s threat detection, investigation and response program.

Can I connect Hunters XDR to Incident Response tools?

Yes, you can. Hunters XDR will deliver its attack findings into SOAR or ticketing systems.

What security products and organizational tools does Hunters XDR integrate with?

Hunters integrations span across dozens of security tools such as EDR, NDR, Identity and Access Management, Secure Web Gateways, etc. from a wide variety of security vendors; data platforms; threat intelligence feeds and SIEM and SOAR.


For the full list of integrations please visit our Integrations page.

Can I use Hunters XDR as a Threat Hunting platform?

Yes. Hunters XDR provides an unparalleled platform for threat hunting: using Hunters’ open XDR, analysts from any tier can easily perform hunting activities, and for threat hunters, using the Hunters platform they can easily hunt on any domain by having overall visibility over the entire attack surface and removing the constant context-switching of looking at multiple tools.