FAQs
Hunters is a cloud-native platform built to support the entire SOC workflow: from data ingestion and retention, to threat detection, investigation and response.
General
What does Hunters SOC Platform do?
Hunters SOC Platform empowers security teams to automatically identify and respond to incidents that matter across their entire attack surface, at a predictable cost. Through built-in detection engineering, data correlation, and automatic investigation, we help teams overcome volume, complexity, and false positives. Hunters mitigates real threats faster and more reliably than SIEMs, reducing security risk.
Hunters SOC Platform Capabilities
Why would I need Hunters, if I already have a SIEM?
Hunters SOC Platform solves many of the problems organizations face with their SIEM today. These include:
- Siloed data: Hunters makes it possible for customers to unify their data by providing "always-hot" access to data with a predictable price model.
- Reducing operational overhead: The Hunters SOC Platform ingests, normalizes, investigates, scores, and correlates security telemetry and organizational data - providing faster time to value.
- Out-of-the-box analytics mapped to the MITRE ATT&CK framework: Hunters provides detection analytics covering endpoint, network and cloud telemetry, and the majority of security use cases.
- Reduced MTTD and MTTR: Connect your data to Hunters and the platform will start prioritizing events based on risk score, reducing noise and automatically correlating events.
What's the difference between a SOC Platform and a SOAR?
Many organizations use SOAR to automate investigation, enrichment, and perform event correlations, whereas Hunters provides this ability natively.
The Hunters SOC Platform is designed to put you in a position where you have a prioritized list of actionable events, with a clear understanding of what response is needed.
Hunters has an API that allows us to integrate with ITSM and SOAR solutions, and we also have technical partnerships with automation solutions like Tines, Torq and Workato.
How does Hunters work with Snowflake?
Hunters SOC Platform natively integrates with Snowflake's Security Data Lake, acting as the analytics engine, to help security teams achieve greater coverage. By combining Snowflake and Hunters, you can retain all your data without compromise and gain visibility across data silos.
How does Hunters work with Databricks?
Hunters SOC Platform combined with Databricks Data Lakehouse gives your SOC visibility into security events on a unified, cloud-native platform, across all data streams from the entire IT and security environment. By integrating with the Databricks Data Lakehouse, Hunters enables customers to gain deeper insights and respond to threats more quickly and effectively.
Does Hunters protect against insider threats?
Hunters correlates a broad variety of telemetry, including IT, OS, user, directory, identity, HR, application data and more, to help identify potential threats. Because insider threats are difficult to detect, Hunters looks for specific indications that suggest malicious activity.
Does Hunters have UEBA capabilities?
In order to move beyond the traditionally noisy UEBA capabilities provided by many SIEM vendors, Hunters takes a new approach: Multi-context UEBA. Multi-context UEBA implements automation, dynamic thresholds, and robust data correlation techniques to analyze malicious user behavior and policy violation across multiple data sources. Hunters’ pre-built UEBA detectors can identify anomalies across various contexts and time windows much better than many UEBA solutions while greatly reducing false positives. Customers can also choose to build their own UEBA detections. Read more about Multi-context UEBA on our blog.
What type of detection / analytics do I get out of the box?
Hunters provides out-of-the-box detection capabilities that cover most of the common security use cases across organizations, so that security practitioners can focus on the use cases that are unique to them. At Hunters we apply the 80:20 rule: depending on your solution, roughly 80% of your detection rules are similar to those of existing customers and only 20% will need customization.
With Hunters you get:
- Transparent Security Updates - All detection rules are pre-verified on real-world customer data to remove false positives and excessive alerting, then deployed directly to all customer tenants without requiring any action or tweaking. This dramatically reduces risk exposure and operational overhead.
- Automatic Investigation - Every alert is automatically enriched with information from various sources (e.g., user name from CrowdStrike with login records from Okta, IP addresses with threat intel information) and displayed to the analyst for faster triage and investigation, as well as advanced detection and scoring purposes.
- Graph Correlation - Alerts across entities and attack surfaces are automatically correlated on a graph. This capability highlights high-fidelity activity, improves investigation time, and allows leveraging low-fidelity signals that are often overlooked.
- Dynamic Scoring - Not all signals from the same detection logic are treated the same. For example, leads involving sensitive assets (e.g., C-level users, domain servers, etc.) are prioritized, and the risk of known benign behaviors is lowered (e.g., a binary signed by Microsoft).
- Threat Clustering - Alerts are automatically clustered together using proprietary "threat similarity" logic, reducing redundant work for up to 90% of alerts that may happen across days and weeks.
Data and Deployment
How much data can the Hunters SOC platform take?
The Hunters SOC Platform serves very large organizations that need to ingest and process dozens of TBs per day. Our architecture is built for scale, and we offer unlimited ingestion enabling security teams to leverage all data sources across domains without compromise.
Our SOC Platform runs on AWS and uses either Snowflake or Databricks as its data warehouse, both of which are built to handle large-scale data.
Managed Services
What is the difference between Hunters and an MSSP?
An MSSP delivers 24/7 human-based, eyes-on-glass SOC or SIEM monitoring services. Hunters delivers a technology-based SOC platform, which automates the majority of the SOC workflow, from unlimited data ingestion and detection engineering as a service to automated enrichment, correlation and investigation, so that analysts can act promptly and with full context. Hunters works with MSSPs including Access 42, Avantec, Axians, Kudelski Security and Socura to provide our customers with 24/7 monitoring services.
How does Hunters work with an MSSP?
Access 42, Avantec, Axians, Kudelski Security and Socura are some of the MSSPs that Hunters works with.
Team Axon
Who are Team Axon and what are their capabilities?
Team Axon is a select group of technology professionals whose mission is to deliver world-class cybersecurity expertise, battle-tested initiatives, and actionable insights to customers. Team Axon's capabilities include rapid response to emerging threats, proactive threat hunting and on-demand investigations. To find out more about Team Axon's capabilities, please click here.
Integration
What technology integrations does the Hunters platform have?
The Hunters SOC Platform already has dozens of technology integrations, and you can see our current ones here. We are also willing to look at additional integrations, so if there is an integration that you don't see on our list, please feel free to contact us.
What data sources does Hunters integrate with?
Hunters integrates with hundreds of data sources that can be easily connected to the platform; you can see some of our integrations here.
To get started, we recommend connecting EDR telemetry, cloud logs and identity-driven data.
Pricing
How does Hunters' pricing model work?
Unlike legacy SIEM solutions that force security teams to compromise on the data sources they can monitor and have visibility over, at Hunters we use an entity-based pricing model, i.e. pricing based on the number of entities that are part of your organizational network: workstations, virtual machines and EC2 instances within the monitored environment. We also offer optional components, which include Security Data Lake, Team Axon and Professional Services.