CAPABILITIES
Automated Threat Hunting
Root Out Threats at Machine Speed
Key Features
Pre-built Playbooks
Leverage over 40 pre-built Automated Threat Hunting (ATH) playbooks spanning the entire attack surface – Windows login failures, DNS analysis, Office365 and more. Deep security expertise is not required to perform ATH, but can be used to create new ATH playbooks to complement pre-built ones. ATH continuously searches for behavior of interest so you don’t have to worry about missing anything.
XDR Kill Chain Alignment
User-defined playbooks identify behaviors not covered by the out-of-the-box ones. These customized searches create alerts that can be mapped to the XDR Kill Chain and/or MITRE ATT&CK tactics and techniques, giving your security team a clean categorization and visualization of all your alerts.
Automated Response
Respond automatically or keep a human in the loop – your choice. The actions taken when alerts or criteria are triggered are fully customizable, from containing a host to opening a service ticket. Contextual Interflow provides information at your fingertips. Resolve incidents in minutes, not days or weeks.
Fast Search With Context
Contextual Interflow, enriched with Threat Intelligence, Geolocation, user name, host name, etc., provides information at your fingertips. A modern data lake for big data allows for storing large volumes of data and performing searches at machine speed. Triage alerts and resolve incidents in minutes, not days or weeks.