AC-Hunter Alerting
Actual Meaningful Alerts
AC-Hunter can send log entries to Slack or any Syslog compatible system (Splunk, Arcsight, QRadar, Sumo Logic, etc).
Alerts tend to fall into one of two categories, either they trigger constantly (in which case you learn to ignore them) or they are extremely cryptic (in which case you don’t understand that they need to be investigated).
We alert on systems that have a consistently increasing threat score. So if you see that the threat score for a system is increasing 20% or more every few hours, it’s a strong indication that the system has been compromised and requires investigation.