Ask New Questions
Threat Hunter is an advanced querying tool that uses Stateful Session data models to complement user behavior analytics. Exabeam Threat Hunter enables security analysts to search and pivot across multiple dimensions of user activity to find sessions that contain specific unusual behaviors or find users that match certain criteria. For example, an analyst might ask to see “all sessions where a user logged into the VPN from a foreign country for the first time, then accessed a new server for the first time, after which FireEye created a malware alert.” This level of analysis across disjoint activities and systems is simple with Exabeam. Now analysts can ask new questions. With Threat Hunter, machine learning provides intelligent answers, in addition to alerts.
Enable Any Analyst to Perform Complex Searches
It’s time to bring threat hunting out of the dark ages. Complex, proprietary query languages such as those used by legacy SIEMs are archaic and prevent junior staff members from being productive in the task of uncovering adversaries lurking in your network. The query language approach requires an intimate knowledge of the SIEM system in use and a deep understanding of the specific security problems being searched for, neither of which your junior talent is likely to possess. This means proactive threat hunting is going to be relegated to your hard-to-hire SIEM ninjas.
Exabeam Threat Hunter takes an entirely different approach to threat hunting, which brings proactive searching capabilities to everyone in the SOC. By leveraging a simple, point-and-click user interface, users can easily select search criteria from drop-down menus and auto-populating fields to quickly create complex searches.
For example, an analyst can quickly find “all non-executive users who VPN’d in from China to log on to an executive asset” by selecting the appropriate activity type, geo location, and risk reason from Threat Hunter’s search criteria. This empowers junior staff by giving them the tools to quickly and easily perform a complex search that would otherwise be painful and time-consuming for your most powerful SIEM wizard.
Search Based on Sessions
Exabeam Threat Hunter is also unique amongst threat hunting tools in that it returns entire user sessions, as opposed to singular events. These user sessions are based on Exabeam’s Session Data model, which stitches all user behavior (normal and anomalous) into coherent timelines that provide immediate context for every incident discovered. This automates the manual and tedious investigation by eliminating the need to gather data and reconstruct timelines. What would take days or weeks without Exabeam is accomplished in seconds with the help of the Exabeam session data model.
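The two ideas this page describes, stitching a user's events into sessions and then searching those sessions for an ordered pattern such as "first VPN login from a foreign country, then first access to a new server, then a malware alert," can be illustrated with a small stateful model. The following is an added example written for this page; it is not Exabeam's code and does not reflect how the Session Data model is implemented. It assumes a simple space-separated log format, a home country of US, and a four-hour inactivity gap as the session boundary; the log lines are constructed for the demonstration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

HOME_COUNTRY = "US"                # assumption: the organisation's home country
SESSION_GAP = timedelta(hours=4)   # assumption: inactivity gap that closes a session


@dataclass
class Event:
    ts: datetime
    user: str
    kind: str            # "vpn_login", "server_access" or "malware_alert"
    value: str           # country, host name or alert signature, depending on kind
    first_seen: bool = False   # set by build_sessions: first time this user produced this value


@dataclass
class Session:
    user: str
    events: list = field(default_factory=list)


# Constructed sample log: "<iso timestamp> <user> <event kind> <key>=<value>"
SAMPLE_LOG = """
2024-01-05T08:00:00 alice vpn_login country=US
2024-01-05T08:10:00 alice server_access host=fileserv01
2024-01-06T08:05:00 alice vpn_login country=US
2024-01-06T08:30:00 alice server_access host=fileserv01
2024-01-07T08:00:00 alice vpn_login country=DE
2024-01-07T08:20:00 alice server_access host=hr-db02
2024-01-07T09:05:00 alice malware_alert sig=Trojan.Generic
2024-01-07T09:00:00 bob vpn_login country=DE
2024-01-07T09:15:00 bob server_access host=fileserv01
2024-01-07T09:30:00 carol vpn_login country=US
2024-01-07T09:40:00 carol server_access host=hr-db02
2024-01-07T09:50:00 carol malware_alert sig=Trojan.Generic
2024-01-07T10:00:00 dave vpn_login country=BR
2024-01-07T10:10:00 dave malware_alert sig=Trojan.Generic
2024-01-07T10:30:00 dave server_access host=build03
"""


def parse(line: str) -> Event:
    """Parse one constructed log line into an Event."""
    ts, user, kind, rest = line.split(" ", 3)
    value = rest.split("=", 1)[1]
    return Event(datetime.fromisoformat(ts), user, kind, value)


def build_sessions(events: list) -> list:
    """Stitch events into per-user sessions and flag first-seen values.

    The per-user history of values already observed is the 'stateful' part:
    it is what lets a later query ask for 'first time from this country'.
    """
    history: dict = {}   # (user, kind) -> set of values seen so far
    open_sessions: dict = {}   # user -> session currently being extended
    sessions: list = []
    for ev in sorted(events, key=lambda e: e.ts):
        seen = history.setdefault((ev.user, ev.kind), set())
        ev.first_seen = ev.value not in seen
        seen.add(ev.value)
        cur = open_sessions.get(ev.user)
        if cur is None or ev.ts - cur.events[-1].ts > SESSION_GAP:
            cur = Session(ev.user)
            open_sessions[ev.user] = cur
            sessions.append(cur)
        cur.events.append(ev)
    return sessions


def matches(session: Session, predicates: list) -> bool:
    """True if the session's events satisfy the predicates in order (gaps allowed)."""
    i = 0
    for ev in session.events:
        if i < len(predicates) and predicates[i](ev):
            i += 1
    return i == len(predicates)


# The search from the text: foreign VPN login (first time), new server (first time), then an alert.
FOREIGN_VPN_NEW_SERVER_THEN_ALERT = [
    lambda e: e.kind == "vpn_login" and e.first_seen and e.value != HOME_COUNTRY,
    lambda e: e.kind == "server_access" and e.first_seen,
    lambda e: e.kind == "malware_alert",
]


def hunt(log_text: str, predicates: list = FOREIGN_VPN_NEW_SERVER_THEN_ALERT) -> list:
    """Return the sessions (not single events) that match the ordered pattern."""
    events = [parse(line) for line in log_text.splitlines() if line.strip()]
    return [s for s in build_sessions(events) if matches(s, predicates)]


if __name__ == "__main__":
    for s in hunt(SAMPLE_LOG):
        print(s.user, [(e.kind, e.value, e.first_seen) for e in s.events])
```

Only alice's third session matches: bob never triggers an alert, carol's VPN login is from the home country, and dave's alert fires before the new server access, so the ordered pattern does not hold. Each hit comes back as the whole session, so the surrounding normal activity is already in hand when the analyst starts reading.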
- Lightning fast threat hunting of pre-constructed incident timelines
- Simple point-and-click interface empowers any analyst
- Session-search enables analysts to easily search for threats that would require complex or impossible queries
- Pre-built searches created by the Exabeam Security Research team help find emerging threats