Version 3 is in the wild!

Although, to be specific, it's version 3.1.4159 for all you Pi fans. 😉

This is a huge update that includes a lot of changes! We would very much like to thank our customers who were kind enough to submit feature requests, as well as the folks that helped out with beta testing. You’ve really made this a team effort.

Here’s a quick rundown of all of the new AI-Hunter goodness.

  • Rolling analysis of the last 24 hours rather than analysis in daily blocks. You can still do daily reviews, but the rolling data set will always contain the most current info.
  • The software now does the first pass at a threat hunt for you, so the hunt runs continuously rather than only when you log into the dashboard.
  • Systems whose threat score exceeds a user-defined threshold can be sent as an alert to your SIEM or any syslog-compatible server.
  • Systems whose threat score exceeds a user-defined threshold can be sent as an alert to a specified Slack channel.
  • Whitelisting is now persistent. You no longer need to apply a whitelist to each data set prior to analysis.
  • Individual and bulk deletion of whitelist entries.
  • Identify communications where the server's digital certificate is invalid and add this to the system's overall threat score.
  • Identify unique SSL client hello sessions and add them to the system's overall threat score.
  • Identify unique User-Agent fields and add them to the system's overall threat score.
  • The amount of data transmitted to a blacklisted IP address is highlighted and weighted against a system’s threat score.
  • Well-known ports are analyzed to ensure that only the expected applications are using them. Non-compliant sessions are weighted against the threat score.
  • Threat score weights can now be changed by the user. Use the defaults or customize for your environment as needed.
  • Combined RITA and AI-Hunter into a single platform to leverage performance improvements and feature enhancements.
  • Additional speed improvements. Analyzing large Internet links now uses a lot less CPU time.
  • Dramatically reduced storage requirements. Seriously, AI-Hunter uses 1/5 to 1/10 as much space to store historical data.
  • Beacon screen includes expanded capability when investigating remote IP addresses. Just click the IP address and a menu will appear.
  • You can now investigate external IP addresses as well as internal on the Deep Dive screen.
  • Historical data can be maintained based on age (example: delete all databases older than 30 days).
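To make the scoring and alerting items above concrete, here is an added illustration of the general idea (weighted indicators rolled up into a per-host threat score, a user-defined threshold, and a syslog alert for hosts that exceed it). It is example code written for this post, not AI-Hunter's or RITA's implementation. It assumes Zeek conn.log records in JSON form (RITA works from Zeek logs); the two indicators, their weights, the threshold, the blacklist and the sample log lines are all constructed for the example.

```python
"""Illustrative weighted threat score over Zeek-style conn.log records.

Added example, not AI-Hunter/RITA code. Everything below (weights, threshold,
blacklist, expected-service table, sample records) is constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone

MIB = 1024 * 1024

# User-tunable weights per indicator (constructed defaults).
WEIGHTS = {
    "port_mismatch": 20,    # each session where a well-known port carries an unexpected service
    "blacklist_bytes": 10,  # each whole MiB the host sent to a blacklisted IP
}
ALERT_THRESHOLD = 50  # hosts scoring strictly above this are alerted on

# Well-known ports and the Zeek `service` label expected on them (constructed subset).
EXPECTED_SERVICE = {22: "ssh", 53: "dns", 80: "http", 443: "ssl"}
BLACKLIST = {"203.0.113.7"}  # constructed

# Constructed conn.log lines in Zeek's JSON format.
SAMPLE_CONN_LOG = """
{"ts":1584200000.1,"id.orig_h":"10.0.0.5","id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":1200}
{"ts":1584200001.2,"id.orig_h":"10.0.0.5","id.resp_h":"198.51.100.9","id.resp_p":443,"proto":"tcp","service":"ssh","orig_bytes":900}
{"ts":1584200002.3,"id.orig_h":"10.0.0.8","id.resp_h":"203.0.113.7","id.resp_p":8080,"proto":"tcp","service":"http","orig_bytes":5242880}
{"ts":1584200003.4,"id.orig_h":"10.0.0.8","id.resp_h":"203.0.113.7","id.resp_p":53,"proto":"udp","service":"dns","orig_bytes":120}
{"ts":1584200004.5,"id.orig_h":"10.0.0.8","id.resp_h":"203.0.113.7","id.resp_p":443,"proto":"tcp","service":"http","orig_bytes":2048}
{"ts":1584200005.6,"id.orig_h":"10.0.0.9","id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp","service":"http","orig_bytes":500}
"""


def parse_conn_log(text):
    """Yield one dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def score_hosts(text, weights=WEIGHTS):
    """Return {source_ip: {"score", "indicators", "blacklist_bytes"}} for every source host seen."""
    hosts = defaultdict(lambda: {"score": 0, "indicators": [], "blacklist_bytes": 0})
    for rec in parse_conn_log(text):
        src, dst = rec["id.orig_h"], rec["id.resp_h"]
        port, service = rec.get("id.resp_p"), rec.get("service")
        sent = rec.get("orig_bytes") or 0
        h = hosts[src]
        # Zeek labels `service` from the payload, so a label that differs from the
        # port's expected application means the port is carrying something else.
        # An unlabelled session ("-" or absent) is not counted as a mismatch here.
        expected = EXPECTED_SERVICE.get(port)
        if expected and service and service != "-" and service != expected:
            h["score"] += weights["port_mismatch"]
            h["indicators"].append(f"port_mismatch {dst}:{port} service={service}")
        if dst in BLACKLIST:
            h["blacklist_bytes"] += sent
    # Volume to blacklisted IPs is weighted by amount, not just presence.
    for h in hosts.values():
        whole_mib = h["blacklist_bytes"] // MIB
        if whole_mib:
            h["score"] += weights["blacklist_bytes"] * whole_mib
            h["indicators"].append(f"blacklist_bytes {whole_mib} MiB")
    return dict(hosts)


def syslog_alert(host, info, hostname="threatscore-example", now=None):
    """Format one RFC 5424 message: facility local0 (16) * 8 + severity warning (4) = PRI 132."""
    pri = 16 * 8 + 4
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    structured = f'[threat score="{info["score"]}" src="{host}"]'
    return f"<{pri}>1 {ts} {hostname} threatscore - HOST_ABOVE_THRESHOLD {structured} " + "; ".join(info["indicators"])


def build_alerts(text, threshold=ALERT_THRESHOLD):
    """One syslog line per host whose score is strictly above the threshold."""
    scores = score_hosts(text)
    return [syslog_alert(h, info) for h, info in sorted(scores.items()) if info["score"] > threshold]


if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_CONN_LOG):
        print(alert)
```

With the constructed data, 10.0.0.5 scores 20 (one SSH session on 443), 10.0.0.8 scores 70 (5 MiB to the blacklisted IP plus HTTP on 443) and is the only host alerted, and 10.0.0.9 scores 0. Raising or lowering the weights or the threshold changes which hosts cross the line without touching the detection logic, which is the point of making them user-defined.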

We will be returning to a regular release cadence after this, so expect to see more incremental improvements over the next few weeks.


Interested in threat hunting tools? Check out AI-Hunter
