Intel 471 Guided Threat Hunts enables teams to measure hunt success metrics

Intel 471 launched Guided Threat Hunts, a new method-driven tool within the Hunt Management Module, part of our HUNTER solution.

As threat hunting for advanced adversaries continues to be an increasingly complex, time-consuming and resource-heavy process, Intel 471 is empowering threat hunters with the capabilities to craft their own queries and filters to more efficiently identify sophisticated threat behaviors that evade traditional detection methods.

“Threat hunt teams are constantly tasked with sifting through large datasets or collecting data to support a hypothesis on a specific threat. This presents a challenge for organizations experiencing persistent shortages of seasoned threat hunters or skills gaps among available analysts,” says Jason Passwaters, CEO of Intel 471. “Effective threat hunting is a priority in today’s cyber threat landscape, and Intel 471 is dedicated to providing threat hunt teams with the tools they need to grow their skills and expand their threat hunting programs to better defend their organizations.”

Guided Threat Hunts enables analysts to use Pivot Queries to ask intelligent follow-up questions on initial threat hunt searches within their own security platforms, while Filter Queries cut through the noise of query results. While our library of intelligence-driven threat hunt packages addresses over 80% of advanced threats, this enhancement leverages information across our cyber intelligence platform, enabling hunt teams to cover the remaining 20% of their organization’s unique risk.

This functionality equips hunters with the relevant information and context needed to capture critical data inputs – such as hostnames, process names and process IDs – to quickly find, neutralize, and report undetected threats.

Additional key features of Pivot Queries:

  • Enable users to explore multiple paths and ask additional questions related to the initial query
  • Provide expert guidance on how to move forward after executing an initial threat hunt query and focusing on notable artifacts worth investigating further

Additional key features of Filter Queries:

  • Assist users in modifying the initial query to fit their unique environment with exclusions that reduce noise from initial results and large datasets
  • Enhance standard operating procedures (SOP) for the team’s threat hunting methodology

As part of our HUNTER solution, Guided Threat Hunts can be implemented across major XDR security platforms. By allowing threat hunt teams to implement SOPs that align with their methodology for structured threat hunts, practitioners can promote more accurate and effective hunts while also lowering the costs of onboarding new threat hunters.

“Intel 471’s Guided Threat Hunts is designed by threat hunters for threat hunters, so the heavy lifting is already addressed,” says Mike Mitchell, VP of threat hunt intelligence at Intel 471. “Our goal is to provide guidance tailored to the specific needs of teams of all sizes, empowering them to overcome uncertainties and confidently progress their hunts against the advanced behaviors and techniques of adversaries.”
