An easy, point-and-click interface
Traditional threat queries are written in the SIEM's own syntax, requiring an analyst to know the query language. The point-and-click interface of Exabeam Threat Hunter simplifies the creation of complex search queries, allowing analysts of any seniority to rapidly and easily engage in threat hunting using searches that would otherwise have been extremely difficult or impossible to express in a traditional query language.
Work with completed incident timelines
Threat hunting is typically an iterative, manual process in which gathering evidence means copying data from raw logs. It often takes weeks, slowing response time and absorbing an analyst's resources. Threat Hunter improves analyst efficiency by including Exabeam Smart Timelines™, machine-built incident timelines, for each user and device included in the search results, quickly putting those results in context.
Behavioral threat hunting using MITRE ATT&CK
Threat hunting is increasingly difficult as attackers incorporate new and advanced techniques. There has also been no clear, shared vocabulary for discussing these attacks. In response, many organizations have adopted the MITRE ATT&CK framework as a common language for analysts. Threat Hunter helps analysts operationalize MITRE ATT&CK by letting them search for MITRE tactics and techniques across users and devices using drop-down menus and a point-and-click interface.
Security alert ID-based search
An alert ID, such as one from an anti-malware or DLP product, is the starting point for many security investigations. Unfortunately, a search based on a security alert ID usually produces a sea of event logs. With Threat Hunter, searching for an alert ID returns results that include Smart Timelines, which put the alert in context and provide situational awareness.