Threat Hunting Framework

ArcSight

Description:

Searching a SIEM for indicators of compromise (IOCs) is rarely simple and always time consuming. How fast a hunt hypothesis can be tested, and how trustworthy the result is, depends heavily on the quality of the collected data and on SIEM performance. Threat Hunting Framework is built by threat hunters for threat hunters to speed up these daily searches. It tracks IP addresses, URLs, domains and file hashes across every log source connected to the SIEM. A dynamic data quality rating is calculated for each technology or log source based on how many potentially matchable IOCs it actually contains, so a hunter can see where a search is worth running and where it cannot produce a hit. The framework also distinguishes hash types (MD5, SHA-1, SHA-256) to narrow searches further: there is no point searching for an MD5 if every hash collected is SHA-256. Finally, Threat Hunting Framework tracks data acquisition over time, so newly on-boarded sources that can be used for hunting are identified quickly and gaps or interruptions in the data flow are highlighted.
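The three ideas above (per-source IOC coverage, hash-type aware search routing, and data-flow gap detection) can be illustrated with a small script. This is an added example, not code from Threat Hunting Framework or ArcSight; the event dictionaries, field names and source names are constructed for illustration, and the 0..1 quality rating is simply each source's share of all matchable IOCs collected.

```python
"""Per-log-source IOC coverage, hash-type aware hunt routing and data-flow gap detection.

Added example, not the Threat Hunting Framework's own code. Assumes events are
already parsed into dicts; field names and sample events are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Hex digest length identifies the hash type; no point searching a type nobody collects.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
DOMAIN_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$", re.I)


def classify_ioc(value):
    """Return the IOC type of a string: md5/sha1/sha256, ip, url, domain, or None."""
    v = value.strip()
    if HEX_RE.match(v) and len(v) in HASH_TYPES:
        return HASH_TYPES[len(v)]
    if IPV4_RE.match(v):
        return "ip"
    if v.startswith(("http://", "https://")):
        return "url"
    if DOMAIN_RE.match(v):
        return "domain"
    return None


# Constructed sample events: source name, ISO timestamp and observable fields.
SAMPLE_EVENTS = [
    {"source": "proxy", "ts": "2024-05-01T10:00:00", "url": "http://example.test/a", "dst": "203.0.113.5"},
    {"source": "proxy", "ts": "2024-05-01T10:05:00", "url": "http://example.test/b", "dst": "203.0.113.6"},
    {"source": "edr", "ts": "2024-05-01T10:01:00", "hash": "a" * 64, "src": "10.0.0.4"},
    {"source": "edr", "ts": "2024-05-01T10:02:00", "hash": "b" * 64, "src": "10.0.0.5"},
    {"source": "edr", "ts": "2024-05-01T10:03:00", "hash": "c" * 64},
    {"source": "dns", "ts": "2024-04-29T09:00:00", "query": "evil.example", "src": "10.0.0.4"},
    {"source": "firewall", "ts": "2024-05-01T10:04:00", "src": "10.0.0.9", "dst": "198.51.100.7"},
]


def profile_sources(events):
    """Count IOC-type occurrences per source and remember each source's newest event time."""
    counts = defaultdict(Counter)
    last_seen = {}
    for ev in events:
        src = ev["source"]
        ts = datetime.fromisoformat(ev["ts"])
        last_seen[src] = max(last_seen.get(src, ts), ts)
        for field, value in ev.items():
            if field in ("source", "ts"):
                continue
            kind = classify_ioc(str(value))
            if kind:
                counts[src][kind] += 1
    return counts, last_seen


def data_quality(counts):
    """Rate each source 0..1 by its share of all matchable IOCs collected (assumed metric)."""
    total = sum(sum(c.values()) for c in counts.values())
    if not total:
        return {}
    return {src: round(sum(c.values()) / total, 2) for src, c in counts.items()}


def sources_for(ioc, counts):
    """Sources worth searching for this IOC: only those that carry at least one value of its type."""
    kind = classify_ioc(ioc)
    return sorted(src for src, c in counts.items() if c[kind] > 0)


def stale_sources(last_seen, now_iso, max_gap_hours=24):
    """Sources whose newest event is older than max_gap_hours: a data-flow gap or interruption."""
    now = datetime.fromisoformat(now_iso)
    gap = timedelta(hours=max_gap_hours)
    return sorted(src for src, ts in last_seen.items() if now - ts > gap)


if __name__ == "__main__":
    counts, last_seen = profile_sources(SAMPLE_EVENTS)
    print(data_quality(counts))
    print(sources_for("d" * 32, counts))   # an MD5: no source collects MD5s, nothing to search
    print(sources_for("d" * 64, counts))   # a SHA-256: only edr carries them
    print(stale_sources(last_seen, "2024-05-01T11:00:00"))  # dns has not reported for two days
```

Run as-is: the MD5 hunt is routed to no source at all, the SHA-256 hunt only to the EDR feed, and the DNS source is flagged as stale because its newest event is two days old. In a real deployment the profile would be rebuilt on a schedule from the SIEM's own field statistics rather than from raw events, but the routing and gap logic is the same.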
