Alerting

AC-Hunter Alerting

Actual Meaningful Alerts

AC-Hunter can send alerts over the Syslog protocol to any Syslog-compatible system (Splunk, ArcSight, QRadar, Sumo Logic, etc.).

Alerts tend to fall into one of two categories: either they trigger constantly (in which case you learn to ignore them), or they are extremely cryptic (in which case you don't realise they need to be investigated).

We alert on systems whose threat severity score is already high when they are first seen, or whose threat severity score keeps increasing over successive intervals. A score that climbs every few hours is a strong indication that the system has been compromised and needs investigation.
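The two alerting conditions above, as an added example that is not AC-Hunter's own code: it walks constructed hourly score samples per host, flags a host on a high first score or on a run of consecutive increases, and formats each alert as an RFC 5424 syslog line with structured data so a SIEM can parse the fields. The threshold values, the sensor host name, the APP-NAME, the SD-ID and the collector address are assumptions chosen for illustration, not AC-Hunter's real settings or message layout.

```python
# Added example, not AC-Hunter code. Implements the two alerting conditions
# (high on first sight, consistently rising) over constructed sample scores and
# formats the result as an RFC 5424 syslog line. All constants are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import socket

HIGH_SEVERITY = 80        # assumed: a first score at/above this alerts at once
RISING_STEPS = 3          # assumed: this many consecutive increases alerts
SYSLOG_FACILITY = 1       # user-level
SYSLOG_SEVERITY = 4       # warning
SENSOR_HOSTNAME = "sensor01"        # assumed HOSTNAME field of the alerting sensor
APP_NAME = "ac-hunter-example"      # assumed APP-NAME field
SD_ID = "threat@32473"    # 32473 is the enterprise number RFC 5612 reserves for docs
START = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed first sample time


@dataclass(frozen=True)
class Sample:
    ts: datetime
    host: str
    score: int            # threat severity score, assumed 0-100


def first_high(samples, threshold=HIGH_SEVERITY):
    """Condition 1: the first score recorded for the host is already high."""
    return bool(samples) and samples[0].score >= threshold


def consistently_increasing(samples, steps=RISING_STEPS):
    """Condition 2: the score rose strictly on each of the last `steps` intervals.

    A single spike followed by a drop does not count; the score must keep climbing.
    """
    if len(samples) < steps + 1:
        return False
    tail = [s.score for s in samples[-(steps + 1):]]
    return all(later > earlier for earlier, later in zip(tail, tail[1:]))


def evaluate(samples_by_host):
    """Return (host, reason, score) for every host meeting either condition."""
    alerts = []
    for host, samples in samples_by_host.items():
        ordered = sorted(samples, key=lambda s: s.ts)
        if first_high(ordered):
            alerts.append((host, "initial_high_severity", ordered[0].score))
        elif consistently_increasing(ordered):
            alerts.append((host, "rising_severity", ordered[-1].score))
    return alerts


def sd_escape(value):
    """Escape the three characters RFC 5424 requires escaping in a PARAM-VALUE."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def syslog_message(host, reason, score, now=None):
    """Build one RFC 5424 line: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG."""
    pri = SYSLOG_FACILITY * 8 + SYSLOG_SEVERITY
    now = now or datetime.now(timezone.utc)
    ts = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    sd = (f'[{SD_ID} host="{sd_escape(host)}" reason="{sd_escape(reason)}" '
          f'score="{sd_escape(score)}"]')
    return (f"<{pri}>1 {ts} {SENSOR_HOSTNAME} {APP_NAME} - {reason} {sd} "
            f"threat severity alert for {host}")


def send_udp(line, collector="127.0.0.1", port=514):
    """Ship one line to a UDP syslog collector (assumed address; not called below)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (collector, port))


def series(host, scores, start=START):
    """Constructed hourly samples for one host."""
    return [Sample(start + timedelta(hours=i), host, s) for i, s in enumerate(scores)]


# Constructed sample data: one hourly score series per host.
SAMPLES = {
    "10.0.0.11": series("10.0.0.11", [85, 86]),            # high on first sight
    "10.0.0.12": series("10.0.0.12", [10, 20, 35, 50]),    # three rises in a row
    "10.0.0.13": series("10.0.0.13", [10, 40, 15, 12]),    # one spike, then falls
    "10.0.0.14": series("10.0.0.14", [5, 5, 5, 5]),        # flat
    "10.0.0.15": series("10.0.0.15", [5, 10, 20]),         # only two rises so far
}

if __name__ == "__main__":
    for host, reason, score in evaluate(SAMPLES):
        print(syslog_message(host, reason, score))
```

Run stand-alone it prints two lines, one for the host that was high on first sight and one for the host that rose three intervals in a row; the spiking, flat and not-yet-long-enough series stay silent. The structured-data block is what lets a SIEM extract host, reason and score without regex; the page does not show AC-Hunter's actual message layout, so build SIEM parsers against real AC-Hunter output rather than this assumed format.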