- AC-Hunter Dashboard
The Dashboard identifies which systems are most likely to be compromised and why. You no longer need to dig through millions of log entries to identify suspect systems. We are now doing the first pass of the threat hunt for you and providing a threat score for each of your internal systems. All in a single easy-to-read dashboard.
- Beacons
Rather than focus on signatures for known bad actors, AC-Hunter detects consistencies and patterns in the behavior of backdoors. How? It utilizes a mixture of detection techniques that rely on attributes like an interval of connections, data size, dispersion, and advanced algorithms.
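The interval and data-size consistency checks described above, as an added example that is not AC-Hunter's own code or algorithm: connections are grouped per source/destination pair, the spread of the gaps between connections and of the bytes sent is measured relative to the median, and the pieces are combined into a 0-1 score. The weights, the saturation at ten connections, and the sample connection records are all constructed for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample connections: (timestamp_seconds, src_ip, dst_ip, bytes_sent).
# The first host reaches one destination about every 60 s with a near-constant
# payload (beacon-like); the second host's traffic is irregular (benign-like).
_JITTER = [0, 1, -1, 2, 0, -2, 1, 0, 1, -1, 0, 2, -1, 0, 1, 0, -1, 1, 0, -2]
SAMPLE_CONNECTIONS = [
    (1000 + 60 * k + j, "10.0.0.5", "203.0.113.10", 512 + (2 if k % 7 == 0 else 0))
    for k, j in enumerate(_JITTER)
]
_BENIGN_TIMES = [0, 5, 7, 40, 41, 300, 305, 900, 902, 903, 1800, 3500]
_BENIGN_BYTES = [1200, 45000, 800, 12000, 300, 67000, 2200, 9000, 150, 30000, 4000, 100]
SAMPLE_CONNECTIONS += [
    (t, "10.0.0.7", "198.51.100.20", b) for t, b in zip(_BENIGN_TIMES, _BENIGN_BYTES)
]


def consistency(values):
    """1.0 means perfectly regular values; falls toward 0 as the median absolute
    deviation grows relative to the median. Works for intervals and byte counts."""
    values = list(values)
    mid = median(values)
    if mid <= 0:
        return 0.0
    mad = median([abs(v - mid) for v in values])
    return max(0.0, 1.0 - mad / mid)


def score_pairs(connections, min_connections=4, weights=(0.5, 0.3, 0.2)):
    """Return {(src, dst): (score, interval_score, size_score, count_score)}.

    weights: assumed relative importance of interval regularity, payload-size
    regularity, and connection count (these are example values, not AC-Hunter's).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in connections:
        by_pair[(src, dst)].append((ts, nbytes))

    w_interval, w_size, w_count = weights
    results = {}
    for pair, records in by_pair.items():
        if len(records) < min_connections:
            continue  # too few observations to judge regularity
        records.sort()
        intervals = [later[0] - earlier[0] for earlier, later in zip(records, records[1:])]
        sizes = [nbytes for _, nbytes in records]
        interval_score = consistency(intervals)
        size_score = consistency(sizes)
        count_score = min(1.0, len(records) / 10.0)  # assumed: 10+ connections saturates
        total = w_interval * interval_score + w_size * size_score + w_count * count_score
        results[pair] = (round(total, 3), interval_score, size_score, count_score)
    return results


if __name__ == "__main__":
    for pair, (score, *parts) in sorted(score_pairs(SAMPLE_CONNECTIONS).items(),
                                        key=lambda kv: -kv[1][0]):
        print(f"{pair[0]} -> {pair[1]}: score={score} (interval/size/count={parts})")
```

Using the median absolute deviation rather than the standard deviation keeps one unusually long gap (a laptop going to sleep) from masking an otherwise steady heartbeat, which is the kind of consistency the module looks for.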
- Deep Dive
While the other AC-Hunter modules focus on a specific threat vector, the Deep Dive module is designed to help assess the threat of a specific system. Let’s say that while you are reviewing one of the other modules, you identify an internal system that is acting suspiciously, but you are unsure whether the system is safe or a threat. The Deep Dive module will show you all communications associated with that system so that you can make a more informed threat assessment.
- Alerting
AC-Hunter can send log entries to Slack or any Syslog-compatible system (Splunk, ArcSight, QRadar, Sumo Logic, etc.). We alert on systems that have a consistently increasing threat score. So if you see that the threat score for a system is increasing 20% or more every few hours, it’s a strong indication that the system has been compromised and requires investigation.
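The "consistently increasing" rule above, as an added example that is not AC-Hunter's own code: a host's threat-score history is scanned for a run of consecutive samples that each rise at least 20% over the previous one, and a qualifying run is rendered as an RFC 5424 syslog line that a SIEM could ingest. The sample history, the three-sample streak threshold, and the facility/severity value are assumptions made for the example.

```python
from datetime import datetime, timezone

# Constructed threat-score history for one host: (unix_timestamp, score).
# Samples are a few hours apart; the first three steps rise by 30%, 23%, and 25%.
SAMPLE_HISTORY = [
    (0, 10.0),
    (3 * 3600, 13.0),
    (6 * 3600, 16.0),
    (9 * 3600, 20.0),
    (12 * 3600, 21.0),  # only +5%: the streak ends here
]


def rising_streak(history, min_increase=0.20):
    """Longest run of consecutive samples where each score is at least
    min_increase (fraction) above the one before it."""
    best = run = 0
    for (_, prev), (_, cur) in zip(history, history[1:]):
        if prev > 0 and (cur - prev) / prev >= min_increase:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def alert_message(host, history, min_streak=3, app_name="hunt-demo"):
    """Return an RFC 5424 syslog line when the host's score has risen >= 20%
    for min_streak consecutive samples, otherwise None.

    PRI 132 = facility local0 (16 * 8) + severity warning (4); assumed values.
    """
    streak = rising_streak(history)
    if streak < min_streak:
        return None
    ts, score = history[-1]
    when = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (f"<132>1 {when} sensor01 {app_name} - RISING_SCORE - "
            f"host={host} score={score} consecutive_increases={streak}")


if __name__ == "__main__":
    print(alert_message("10.0.0.5", SAMPLE_HISTORY))
```

Keying on a run of increases rather than on a single threshold is what makes the rule tolerant of a one-off spike while still catching a host whose score keeps climbing.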
- Cyber Deception
The cyber deception module allows for the creation and monitoring of canary tokens. There are two types of canary tokens available. File-access tokens will generate an alert when a designated file has been accessed. User-access tokens will generate an alert when an authentication attempt is made against a monitored user, or a Kerberos ticket is requested for that user.