Threat hunting in a cloud environment is tricky. The span port we depend on to get a copy of all network traffic doesn’t usually exist in the cloud as there aren’t physical switches between virtual machines. However, even if we can’t capture traffic on the (virtual) network at a Cloud provider, we can still capture network traffic at each individual server.

Our developers at Active Countermeasure have created an integration between AC-Hunter and Azure that does exactly this! We now provide easy integration with Azure systems and are in the process of offering an appliance in the Azure Marketplace! This software will tell each machine to self-report its network traffic back to a new AC-Hunter server.

In this webcast, ACM developers Brian & Logan will discuss our journey in getting this integration deployed, walk folks through some of the caveats we ran into with network watcher, and discuss the current state of AC-Hunters integration with Azure. We will also have time at the end to answer questions from attendees on this new AC-Hunter feature.

Join our Threat Hunter Community Discord Server to join in on the conversation during and after the webcast: https://discord.gg/threathunter

Register Here