AI-Hunter v3.6.0 Is in the Wild!
I’m excited to announce that version 3.6.0 of AI-Hunter has been released! Thank you to all of our awesome partners that participated in beta testing and provided feedback. This really helps us to make a product that both simplifies and expedites the threat hunting process.
One of my favorite new features is that we’ve expanded the external research capability. For example, when you click on an external IP address, you’ll see this:
You can now quickly jump to any of these investigation sources to help you determine if an IP address is a threat. Don’t see a resource that you like to use? We’ve also included the ability to add in your own. For example, Carbon Black Response users can add CBR to the investigation screen. This is a powerful feature, as it lets you quickly investigate which application on the internal system creates the connection being investigated. We will be building even more functionality into this feature over the next few months.
We’ve also made a major change to the way we do whitelisting. In the past, whitelisting was applied to modules but not to the score shown on the main screen. This was done to ensure that you would not miss something that was whitelisted accidentally. However, customers found this a little confusing, so we updated whitelisting to keep it consistent across all screens.
Speaking of consistency, we’ve done a refresh of all of the modules to ensure consistency in reporting. In the past, some screens (like beacons) would display more data about the IP addresses under review than others (like long connections). As of this update, we now present consistent info across all modules.
All current customers can access the new version via their Portal account. Please be sure to check the release notes for install instructions. If you have any problems, do not hesitate to reach out to our support team.
Chris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor, Chris developed and delivered multiple courses for the SANS Institute. As an alumnus of Y-Combinator, Chris has assisted multiple startups, helping them to improve their product security through continuous development and identifying their product market fit.