Version: 2.12.0

Threat Hunting

Introduction

Threat Hunting is a security tool that detects and prevents data exfiltration (unauthorized removal of sensitive data from a computer or network) before damage occurs, helping security teams identify unusual user behavior that may indicate insider threats or ransomware attacks. Using artificial intelligence and machine learning algorithms, the system analyzes patterns to detect potential security issues, extending cyberstorage protection beyond infrastructure resiliency by adding behavioral analysis capabilities.

Key Benefits of Threat Hunting
  • Strategic Awareness - Detects anomalous behavior and suspicious access patterns, enabling earlier detection and faster response to potential threats
  • Integration with Security Tools - Seamlessly interfaces with your current security infrastructure, streamlining investigations and facilitating faster incident response
  • Confidence Scoring - Uses intelligent scoring to reduce false positives by providing context that helps security teams prioritize and address actual threats
  • Detection of Data Exfiltration - Identifies behaviors that might indicate impending data theft, moving your posture "left of boom" (taking preventive action before an attack can cause damage) to prevent incidents
  • Easy-to-Use Interface - Offers an intuitive dashboard where users can examine detected anomalies and take action without needing technical expertise
  • Security Team Alignment - Designed for security professionals with workflows that address their specific requirements and operational needs

This guide will take you through the process of setting up and configuring the threat hunting module for your Eyeglass environment.

Before You Begin

Prerequisites

  • ECA and Eyeglass system (ECA Setup) - A working ECA and Eyeglass deployment with configured nodes. See the ECA VM Guide for setup help.
  • ML Module server (ML Server Specs) - A server with 4 CPU cores, 16 GB RAM and 100 GB storage. See the VM Guide.

Required Configuration Details

Before starting the installation, gather these essential connection and authentication parameters:

  • ML module IP address and port
    Description: Connection details for the ML server
    How to obtain: Run kubectl -n haproxy-controller get services

  • ECA node IP addresses
    Description: All ECA server IPs
    How to obtain: See the ECA management guide - run ecactl cluster exec hostname -I to list all node IPs

  • Eyeglass server IP
    Description: Eyeglass management server address
    How to obtain: Check your Eyeglass deployment documentation or run hostname -I on the Eyeglass VM

  • Eyeglass token
    Description: Authentication token for API access
    How to obtain: Generate through the Eyeglass Integrations section

  • Eyeglass public key
    Description: RSA public key for secure communication
    How to obtain: Run cat /opt/superna/eca/data/common/.secure/rsa/isilon.pub on any ECA node

  • Kafka connection info
    Description: Streaming data service details
    How to obtain: Run ecactl cluster exec hostname on the ECA master to get the Kafka node hostnames
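As an added example (not code from the Eyeglass or Superna documentation), the POSIX shell functions below pull the ML module port out of the kubectl service listing and validate the ECA node IPs from hostname -I before installation, so a typo in the gathered parameters is caught early. The service name haproxy, the container port, and the sample outputs are constructed assumptions; your kubectl output will differ.

```shell
#!/bin/sh
# Added example, not part of the Eyeglass documentation: sanity-check the
# connection parameters gathered for the Threat Hunting install.
# Constructed sample of `kubectl -n haproxy-controller get services` output
# (service name "haproxy" and all addresses/ports are assumed values).
SAMPLE_KUBECTL_OUTPUT='NAME      TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)                      AGE
haproxy   NodePort   10.96.12.34   <none>        80:30080/TCP,443:30443/TCP   12d'

# Constructed sample of `ecactl cluster exec hostname -I` collected from three ECA nodes.
SAMPLE_ECA_IPS='192.0.2.11 192.0.2.12 192.0.2.13'

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for octet in $(echo "$1" | tr '.' ' '); do
    [ "$octet" -le 255 ] || return 1
  done
}

# Print the NodePort that service $1 maps to container port $2, reading
# kubectl output on stdin; prints nothing if the service or port is absent.
node_port() {
  awk -v svc="$1" -v target="$2" '
    $1 == svc {
      n = split($5, ports, ",")                 # PORT(S) column, comma separated
      for (i = 1; i <= n; i++) {
        split(ports[i], pair, "[:/]")           # "443:30443/TCP" -> 443, 30443, TCP
        if (pair[1] == target) { print pair[2]; exit }
      }
    }'
}

# Count the IPv4 addresses in a whitespace-separated list; fails on any invalid entry.
count_valid_ips() {
  count=0
  for ip in $1; do
    is_ipv4 "$ip" || return 1
    count=$((count + 1))
  done
  echo "$count"
}

# Usage: the port to record for the ML module, and the number of ECA node IPs gathered.
ML_PORT=$(echo "$SAMPLE_KUBECTL_OUTPUT" | node_port haproxy 443)
ECA_COUNT=$(count_valid_ips "$SAMPLE_ECA_IPS") || echo "invalid ECA node IP in list" >&2
echo "ML module port: ${ML_PORT:-not found}; ECA nodes: ${ECA_COUNT:-0}"
```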

Installation and Configuration