Version: 2.12.0

Threat Hunting

About Threat Hunting

Threat Hunting is a data security module that provides anomaly detection for unstructured data. The module identifies unusual file activity patterns to detect potential security threats.

How It Works

The threat hunting module uses machine learning algorithms to monitor user file access patterns and identify deviations from normal behavior. The system establishes baselines for typical user activity and flags anomalous access patterns that indicate potential data exfiltration.

The module detects threats during the reconnaissance (information gathering) and data exfiltration phases of ransomware attacks. During these phases, attackers probe file shares, analyze data structure, and identify encryption targets. The system detects anomalous access patterns, including unusual file browsing activity and rapid read/write operations, and flags these events for review.

Key Features

Confidence Scoring: The system calculates a confidence score for each detected anomaly that indicates how strongly the activity deviates from established behavioral baselines. Higher confidence scores indicate greater deviation from normal patterns, allowing security teams to prioritize investigations based on threat likelihood.

Complete Visibility: The system provides detailed information about file access events, including which files were accessed, user identities, and timestamps. User feedback on events helps the system refine detection algorithms and reduce false positives.

Security Stack Integration: The module integrates with existing security infrastructure including SIEM and SOAR platforms. Anomaly alerts can be forwarded to these systems to trigger automated response workflows and correlate file access patterns with broader threat intelligence data.
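To make the baseline-and-deviation idea from How It Works and Confidence Scoring concrete, here is an added Python sketch; it is not the module's own code or algorithm. It learns per-user, per-minute operation counts and directory spread from constructed audit events, then scores a new window by its largest z-score; the event format, the two features and the z/(1+z) mapping are assumptions chosen for illustration.

```python
"""Per-user file-access baselines and a deviation-based confidence score."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Event:
    user: str
    minute: int  # one-minute window index
    op: str      # "read" or "write"
    path: str

# Constructed sample audit events (not real telemetry). Minutes 0-3 are the
# learning period; minute 4 is the window under review.
EVENTS = []
for m in range(4):
    EVENTS.append(Event("alice", m, "write", "/share/finance/notes.txt"))
    for r in range((m % 2) + 1):  # 1 or 2 reads per minute, one share directory
        EVENTS.append(Event("alice", m, "read", f"/share/finance/q{r}/report.xlsx"))
for i in range(10):  # minute 4: 40 reads spread over 10 directories
    for j in range(4):
        EVENTS.append(Event("alice", 4, "read", f"/share/dir{i}/file{j}.docx"))

def features_by_window(events):
    """(user, minute) -> (operation count, distinct top-level share directories).
    Operation count captures rapid read/write bursts; directory spread captures
    the broad browsing seen during reconnaissance."""
    ops, dirs = defaultdict(int), defaultdict(set)
    for e in events:
        ops[(e.user, e.minute)] += 1
        dirs[(e.user, e.minute)].add(e.path.split("/")[2])  # '/share/<dir>/...'
    return {k: (ops[k], len(dirs[k])) for k in ops}

def build_baseline(events, learn_minutes):
    """Per-user (mean, population stddev) of each feature over the learning windows."""
    per_user = defaultdict(list)
    for (user, _), vec in features_by_window([e for e in events if e.minute in learn_minutes]).items():
        per_user[user].append(vec)
    return {u: [(mean(c), pstdev(c)) for c in zip(*vecs)] for u, vecs in per_user.items()}

def score_window(events, baseline, user, minute):
    """Largest per-feature z-score, mapped to a confidence in [0, 1) as z / (1 + z).
    A flat baseline (stddev 0) is floored to 1 so one extra operation is not an
    infinite deviation; negative z (quieter than usual) is clamped to 0."""
    vec = features_by_window([e for e in events if (e.user, e.minute) == (user, minute)])[(user, minute)]
    z = max(max(0.0, (v - mu) / (sigma or 1.0)) for v, (mu, sigma) in zip(vec, baseline[user]))
    return {"z": z, "confidence": round(z / (1 + z), 3)}

BASELINE = build_baseline(EVENTS, range(4))
print(score_window(EVENTS, BASELINE, "alice", 1))  # quiet, learning-like window
print(score_window(EVENTS, BASELINE, "alice", 4))  # burst across 10 directories
```

The quiet window scores 0.5 while the burst scores 0.987, which is the ordering a triage queue would use to prioritize the review described under Confidence Scoring.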

Installation and Licensing

To use this feature, you'll need to install our new module, now available as an add-on to your existing deployment and fully included under your current license. At the core of this feature is a commitment to keeping your data secure. Your data never leaves your on-premises environment.

Follow these steps to get started:

  1. Before You Begin

    Review prerequisites and gather required configuration details

  2. Configure ML Module

    Set up the machine learning environment and threat detection parameters

  3. Connect ML Module Components to ECA

    Install and configure components to connect with your ECA environment

  4. After Installation

    Learn how to use Threat Hunting in Managing the Solution

Info

With AI-powered anomaly detection, your team can detect early, respond faster, and give your security team visibility into what is happening in the data layer. Get started today and take your threat hunting to the next level.
