Threat Hunting
About Threat Hunting
Threat Hunting is a data security module that provides anomaly detection for unstructured data. The module identifies unusual file activity patterns to detect potential security threats.
How It Works
The threat hunting module uses machine learning algorithms to monitor user file access patterns and identify deviations from normal behavior. The system establishes baselines for typical user activity and flags anomalous access patterns that indicate potential data exfiltration.
The module detects threats during reconnaissance (information gathering) and data exfiltration phases of ransomware attacks. During these phases, attackers probe file shares, analyze data structure, and identify encryption targets. The system detects anomalous access patterns including unusual file browsing activity and rapid read/write operations, then flags these events for review.
Key Features
Confidence Scoring: The system calculates a confidence score for each detected anomaly that indicates how strongly the activity deviates from established behavioral baselines. Higher confidence scores indicate greater deviation from normal patterns, allowing security teams to prioritize investigations based on threat likelihood.
Complete Visibility: The system provides detailed information about file access events, including which files were accessed, user identities, and timestamps. User feedback on events helps the system refine detection algorithms and reduce false positives.
Security Stack Integration: The module integrates with existing security infrastructure including SIEM and SOAR platforms. Anomaly alerts can be forwarded to these systems to trigger automated response workflows and correlate file access patterns with broader threat intelligence data.
Installation and Licensing
To use this feature, you'll need to install our new module, now available as an add-on to your existing deployment and fully included under your current license. At the core of this feature is a commitment to keeping your data secure. Your data never leaves your on-premises environment.
Follow these steps to get started:
- Before You Begin: Review prerequisites and gather required configuration details
- Configure ML Module: Set up the machine learning environment and threat detection parameters
- Connect ML Module Components to ECA: Install and configure components to connect with your ECA environment
- After Installation: Learn how to use Threat Hunting in Managing the Solution
With AI-powered anomaly detection, your team can detect early, respond faster, and give your security team visibility into what is happening in the data layer. Get started today and take your threat hunting to the next level.
Installation and Configuration
Before You Begin
Review the prerequisites and important configuration notes, and gather the required information before starting the threat hunting installation.
Configure ML Module
Configure the machine learning environment and set up threat detection parameters to optimize for your security needs.
Connect ML Module Components to ECA
Install and configure ML Module components to connect with your ECA environment, enabling data flow for threat detection.
Troubleshooting
Common installation issues and solutions for threat hunting setup and ML module configuration problems.
Using Threat Hunting
First Access
Learn how to access the threat hunting interface for the first time and navigate to the threat detection dashboard.
Understanding the Threat List
Learn about the threat detection interface, how threats are displayed, and how to interpret threat information.
Handling Threats
Understand the procedures for investigating threats and taking appropriate response actions.
Viewing Threat Details
Explore how to examine detailed information for both open and closed threats in the threat hunting interface.