AC-Hunter Primary Features
Dashboard
Visualize your network hosts sorted by Threat Rating Score with a cumulative point breakdown of Threat Activity to quickly identify suspect systems.
Beacons
AC-Hunter looks for consistency and repetition in how an internal host talks to an external one, the regular timing and uniform sizes that distinguish an implant calling home from human-driven traffic, and combines several detection techniques to score it.
Beacons FQDN
This is useful for cases where an internal host beacons out to an external host by fully qualified domain name rather than a fixed IP address, so that the destination IP can change from one connection to the next and per-IP analysis alone would miss the pattern.
Beacons Proxy
This is useful for detecting beacons in environments where hosts reach the internet through one or more proxy servers, so that every outbound connection otherwise appears to terminate at the proxy.
Strobes
Strobes are similar to beacons, but they are connections between two IP addresses repeated at a very high rate rather than on a slow, regular schedule.
Long Conns
One way attackers attempt to evade beacon analysis is by holding a single connection open for hours instead of reconnecting on a schedule; there are then no repeated connections to measure, so the session shows up as a long connection instead.
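The three behaviours described above (beacons, strobes and long connections) can all be measured from ordinary connection logs. The script below is an added illustration of that, not AC-Hunter's own code or scoring; it runs over constructed Zeek-style connection records embedded in the script, and the thresholds (20 connections before a pair is scored, a one-second median gap for a strobe, one hour for a long connection) are assumptions chosen for the sample, not the product's tuning.

```python
"""Beacon, strobe and long-connection heuristics over Zeek-style connection records.

Added illustration, not AC-Hunter's code. Thresholds are assumptions
chosen for the constructed sample traffic below.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Conn:
    """One connection, roughly the fields of a Zeek conn.log line."""
    ts: float        # start time, epoch seconds
    src: str         # internal originator
    dst: str         # external responder
    dport: int
    duration: float  # seconds the connection stayed open
    orig_bytes: int  # bytes sent by the originator


def group_pairs(conns):
    """Bucket connections by (src, dst): the unit beacon analysis works on."""
    pairs = defaultdict(list)
    for c in conns:
        pairs[(c.src, c.dst)].append(c)
    return pairs


def _median_and_mad(values):
    """Median and median absolute deviation; MAD tolerates a few outliers."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad


def beacon_score(conns, min_conns=20):
    """0.0..1.0: how regular the timing and payload size of a pair's connections are.

    Averages a timing score (1 - MAD/median of the gaps between connections)
    and a size score (same measure over originator bytes). Pairs with fewer
    than min_conns connections are not scored.
    """
    if len(conns) < min_conns:
        return 0.0
    ts = sorted(c.ts for c in conns)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    gap_med, gap_mad = _median_and_mad(gaps)
    size_med, size_mad = _median_and_mad([c.orig_bytes for c in conns])
    timing = max(0.0, 1.0 - gap_mad / gap_med) if gap_med > 0 else 0.0
    sizing = max(0.0, 1.0 - size_mad / size_med) if size_med > 0 else 0.0
    return round((timing + sizing) / 2, 3)


def is_strobe(conns, min_conns=100, max_median_gap=1.0):
    """Strobe: many connections to one host with a median gap of a second or less."""
    if len(conns) < min_conns:
        return False
    ts = sorted(c.ts for c in conns)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return median(gaps) <= max_median_gap


def long_connections(conns, min_duration=3600.0):
    """Single connections held open for at least min_duration seconds."""
    return [c for c in conns if c.duration >= min_duration]


def analyze(conns, beacon_threshold=0.8):
    """Flagged pairs -> {"beacon": score, "strobe": bool, "long_conns": count}."""
    findings = {}
    for pair, cs in group_pairs(conns).items():
        strobe = is_strobe(cs)
        score = 0.0 if strobe else beacon_score(cs)   # a strobe is reported as such, not as a beacon
        longs = long_connections(cs)
        if strobe or score >= beacon_threshold or longs:
            findings[pair] = {"beacon": score, "strobe": strobe, "long_conns": len(longs)}
    return findings


def sample_conns():
    """Constructed traffic: a 60 s beacon, a strobe, one long connection and noisy browsing."""
    conns = []
    # Beacon: 30 check-ins every 60 s with +/-1 s jitter and a fixed 512-byte request.
    for i in range(30):
        conns.append(Conn(1_700_000_000 + 60 * i + (i % 3) - 1, "10.0.0.5", "203.0.113.10", 443, 0.8, 512))
    # Strobe: 200 connections half a second apart.
    for i in range(200):
        conns.append(Conn(1_700_000_000 + 0.5 * i, "10.0.0.7", "198.51.100.4", 8080, 0.1, 64))
    # Long connection: one session held open for six hours.
    conns.append(Conn(1_700_000_000, "10.0.0.9", "192.0.2.8", 443, 6 * 3600.0, 40_000))
    # Noisy browsing: 25 connections with irregular gaps and varying sizes.
    gaps = [3, 400, 7, 1200, 25, 90, 2, 3000, 15, 600, 8, 45, 1800, 4, 250, 60, 9, 3600, 30, 120, 5, 700, 18, 240]
    t = 1_700_000_000
    for i in range(25):
        conns.append(Conn(t, "10.0.0.11", "198.51.100.20", 443, 2.0, 100 * (i + 1)))
        if i < len(gaps):
            t += gaps[i]
    return conns


if __name__ == "__main__":
    for pair, finding in sorted(analyze(sample_conns()).items()):
        print(pair, finding)
```

Median and MAD are used instead of mean and standard deviation so that one missed check-in or one oversized response does not wash out an otherwise perfectly regular beacon; the noisy browsing pair in the sample scores well below the threshold precisely because its gaps and sizes have no centre to cluster around.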
Threat Intel
View connections that occurred between systems that appear on one or more customizable internal or external threat intel feeds.
DNS
Attackers use DNS both as a covert command-and-control channel and as a way to exfiltrate data out of a network, because outbound DNS is almost always permitted and the encoded payload rides in the query names themselves.
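A DNS tunnel or exfiltration channel leaves a characteristic footprint in query logs: one registered domain receives a large number of distinct, long, high-entropy subdomains. The script below is an added example of that heuristic, not AC-Hunter's DNS module; it runs over a constructed query log embedded in the script. The thresholds and the last-two-labels notion of "registered domain" are assumptions: production code should use the Public Suffix List so that names under co.uk-style suffixes are grouped correctly.

```python
"""Heuristics for DNS used as a tunnel or exfiltration channel.

Added illustration, not AC-Hunter's code. Thresholds and the
last-two-labels registered-domain rule are assumptions.
"""
import hashlib
import math
from collections import Counter, defaultdict


def registered_domain(name):
    """Assumed: the last two labels. Public-suffix cases (co.uk) need the PSL."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def subdomain_part(name):
    """Everything left of the registered domain ('' for a bare domain lookup)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[:-2])


def shannon_entropy(s):
    """Bits per character; encoded payloads approach log2(alphabet size)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def profile(queries):
    """Per registered domain: unique subdomains, mean subdomain length, mean entropy."""
    subs_by_domain = defaultdict(set)
    for q in queries:
        subs_by_domain[registered_domain(q)].add(subdomain_part(q))
    stats = {}
    for dom, subs in subs_by_domain.items():
        subs = [s for s in subs if s]          # ignore bare-domain lookups
        if not subs:
            continue
        stats[dom] = {
            "unique_subdomains": len(subs),
            "mean_len": sum(map(len, subs)) / len(subs),
            "mean_entropy": sum(map(shannon_entropy, subs)) / len(subs),
        }
    return stats


def flag_tunnels(stats, min_unique=50, min_len=30, min_entropy=3.0):
    """Domains whose subdomains are numerous, long and high-entropy, all three at once."""
    return sorted(
        dom for dom, s in stats.items()
        if s["unique_subdomains"] >= min_unique
        and s["mean_len"] >= min_len
        and s["mean_entropy"] >= min_entropy
    )


def sample_queries():
    """Constructed query log: ordinary lookups plus 120 hex-encoded chunks of a file."""
    normal = ["www.example.com", "mail.example.com", "api.example.com",
              "cdn.example.net", "example.com"] * 40
    tunnel = []
    for i in range(120):
        # sha256 hex stands in for encoded file data; each query carries one chunk
        chunk = hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:40]
        tunnel.append(f"{chunk}.{i:04x}.exfil-example.net")
    return normal + tunnel


if __name__ == "__main__":
    stats = profile(sample_queries())
    for dom in flag_tunnels(stats):
        print(dom, stats[dom])
```

Requiring all three conditions together keeps false positives down: CDNs and cloud providers also generate many unique subdomains, but those labels are short or low-entropy, while a single long random-looking label is not suspicious until it is one of hundreds under the same domain.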
Client Signature
The client signature module is used to identify systems on your network that communicate in a unique fashion within your environment.
Cyber Deception
The cyber deception module allows for the creation and monitoring of file-access and user-access canary tokens.
Deep Dive
While the other AC-Hunter modules focus on a specific threat vector, the Deep Dive module is designed to help assess the threat of a specific system.
Safelisting
Safelists can be created based on IP address, fully qualified domain name (FQDN), autonomous system number (ASN) or company name, so that known-good traffic is excluded from scoring instead of being re-triaged every run.
Alerting
AC-Hunter can send threat alerts to Slack or to any syslog-compatible system (Splunk, ArcSight, QRadar, Sumo Logic, etc.).