Review: Group-IB Threat Hunting Framework
2021-04-06 05:00

Perform advanced threat hunting using logs from THF Huntpoint, email channel, traffic and behavior markers of each analyzed file from any source.

THF Huntbox enables incident management, correlation of events and collaboration between analysts during threat hunting and IR activities.

THF can also be paired with CERT-GIB by sending telemetry data or IoCs for further investigation by experts, which can bring a higher level of expertise to complex incidents and increase the maturity level of your SOC.

Figure 1 - Threat Hunting Framework's architecture with all available components.

THF Huntbox is a central management dashboard and reporting point of Group-IB Threat Hunting Framework.

Through the THF Huntbox interface, users can see event details, create reports and escalate incidents, as well as produce reports and do threat hunting in the local and global context.

After the installation of THF Huntpoint and THF Sensor modules, you get all of the tools for threat hunting in your organization out of the box.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/UjKb6o6FTpI/