Introducing Exabeam Threat Hunter - Exabeam

February 17, 2016


Today we announced the availability of Exabeam Threat Hunter, a new product that raises the bar for the UBA market. While UBA is focused on using data science to notify an analyst about users who deserve attention, Threat Hunter completes the picture by giving an analyst the ability to query, pivot, and drill down into user sessions that match any combination of attributes and activities. In short, if UBA is about the machine telling the analyst what to watch, Threat Hunter is about the analyst telling the machine what to find.


In the example above, a SOC analyst is concerned that a recent malware attack in the marketing department might not be completely removed. The analyst begins by using Threat Hunter to ask for every Marketing user who recently tried to perform account management (account creation, privilege escalation) and also had failed logons or an account lockout. Threat Hunter quickly returns all user sessions that fit the criteria, below:


The analyst filters the result set further by also asking for sessions where the password was recently changed. We see a web developer in the marketing group with many recent failed logons, account management activity, and password changes.

Clicking on this session, Threat Hunter instantly displays the activities within this employee’s session, the reasons behind the risk elevation, and her baseline behavior. For example, on the right we can see the times she is normally in the office and working. Taken together, the results show a user whose account has likely been compromised and is being used for data exfiltration or in preparation for some other attack.


Again, the analyst wasn’t required to understand the structure of the underlying logs or the search language of the underlying SIEM system — Splunk expertise is not required. Threat Hunter puts advanced search tools in the hands of users who need them, enabling more effective detection of subtle attacks. Used with Exabeam’s flagship UBA product, Threat Hunter improves threat detection and SOC efficiency, making SOC and IR teams much more productive.

Want to learn more? Download a data sheet or register here for a live demo of Threat Hunter today.
