Whitelisting Import/Export Feature

Yet again we have received more awesome feedback from our customers!

AI-Hunter gives you the ability to “whitelist” IP addresses that you wish to exclude from your threat hunting analysis. It’s a popular feature, as you can whitelist based on individual IP address, subnets, or even full autonomous system numbers (ASNs). It’s a great way to move the stuff you understand out-of-the-way so you can focus in on the actual threats.

One of the requested features was the ability to share whitelists. For example, let’s say you have multiple analysts using AI-Hunter. You want to ensure they are whitelisting a consistent list of targets so that analysis becomes more consistent across multiple team members. We’ve even even had customers request a “best practice” list of systems to whitelist so they can quickly ignore targets that show beaconing behavior but are known to be safe (patching servers are a great example).

We are happy to announce that we have a new version going through testing that permits you to import and export whitelists. In fact, we took this feature one step further. With AI-Hunter, you will be able to load multiple whitelists and combine them together. For example, let’s say you are an international organizations with sites across the globe. There are some targets you wish to whitelist globally, but you have others that should only be whitelisted regionally. This new feature will permit you to create multiple whitelists and combine them as your needs require. Further, the save file is in JSON format. So you are free to edit and manage the lists outside of the AI-Hunter interface. Pro tip: Check these into your software repository (Github or similar) so you can maintain revision control.

We plan on including a default whitelist you can choose to load prior to analysis. This will include all of the IPs we’ve identified that exhibit beacon like behaviour but are actually legitimate (false positives).  

As always we love hearing from our customers so if you have comments or questions on any of the features within AI-Hunter please drop me a line.

 

 

Interested in threat hunting tools? Check out AC-Hunter

Active Countermeasures is passionate about providing quality, educational content for the Infosec and Threat Hunting community. We appreciate your feedback so we can keep providing the type of content the community wants to see. Please feel free to Email Us with your ideas!

Share this:
AC-Hunter Datasheet
AC-Hunter Personal Demo
What We’re up To
Archives