Introducing Exabeam Threat Hunter - Exabeam

Published
February 17, 2016

Today we announced the availability of Exabeam Threat Hunter, a new product that raises the bar for the UBA market. While UBA is focused on using data science to notify an analyst about users who deserve attention, Threat Hunter completes the picture by giving an analyst the ability to query, pivot, and drill down into user sessions that match any combination of attributes and activities. In short, if UBA is about the machine telling the analyst what to watch, Threat Hunter is about the analyst telling the machine what to find.

[Image: Ex_TH_EnterParameters.png]

In the example above, a SOC analyst is concerned that a recent malware attack in the marketing department might not be completely removed. The analyst begins by using Threat Hunter to ask for every Marketing user who recently tried to perform account management (account creation, privilege escalation) and also had failed logons or an account lockout. Threat Hunter quickly returns all user sessions that fit the criteria, below:

[Image: EX_TH_ResultsList.png]

The analyst filters the result set further by also asking for sessions where the password was recently changed. We see a web developer in the marketing group with many recent failed logons, account management activity, and password changes.

Clicking on this session, Threat Hunter instantly displays the activities within this employee’s session, the reasons behind the risk elevation, and her baseline behavior. For example, on the right we can see the times she is normally in the office and working. Taken together, the results show a user whose account has likely been compromised and is being used for data exfiltration or in preparation for some other attack.

[Image: Ex_TH_AngellaDetail.png]

Again, the analyst wasn’t required to understand the structure of the underlying logs or the search language of the underlying SIEM system; Splunk expertise is not required. Threat Hunter puts advanced search tools in the hands of users who need them, enabling more effective detection of subtle attacks. Used with Exabeam’s flagship UBA product, Threat Hunter improves threat detection and SOC efficiency, making SOC and IR teams much more productive.

Want to learn more? Download a data sheet or register here for a live demo of Threat Hunter today.
