Point and click search for efficient threat hunting.
Easy-To-Use Point-And-Click Interface
The Threat Hunter point-and-click interface simplifies the process of creating complex search queries. Now anyone in the SOC can quickly and easily engage in threat hunting by developing searches that otherwise may have been extremely difficult or impossible using traditional querying.
Work With Completed Incident Timelines
Traditionally, threat queries use the syntax of the SIEM — requiring an analyst with the right skills. When a threat is uncovered, the analyst must then gather remaining evidence by pivoting and querying their SIEM. This involves manual steps that can take weeks, slowing threat hunting. By contrast, Threat Hunter is designed for to be used by everyone, providing automatic incident timelines instead of logs for rapid and proactive threat hunting.
Threat Hunt using MITRE ATT&CK tactics and techniques
Threat hunting is increasingly difficult because new, more advanced threats are constantly being created for which analysts may not have a firm understanding. The MITRE ATT&CK framework solves this problem by providing a common framework analysts can use. With Threat Hunter, analysts can easily search for MITRE tactics and techniques across users and devices using drop-down menus and a point-and-click interface.