To save analysts time, data ingested from different sources (cloud, endpoint, network, identity, email, etc.) is normalized into a unified schema, which removes the need for separate data engineering work. The data is then ready to be analyzed for detection and, if needed, investigation.
On the detection side, Hunters AI also brings value to threat hunters. Its detection engine removes the burden of rule creation and maintenance from your threat hunters' shoulders, and lets you assess your threat coverage and spot gaps against the MITRE ATT&CK framework.
Finally, when it comes to investigation, Hunters AI provides graph-based correlation that builds stories out of individual events, making them easier to understand and, ultimately, simplifying triage by automatically linking relevant data. To that end, the platform prioritizes incidents based on their risk score and populates each story with relevant details (root cause, timeline, affected users/devices, etc.).
From that point, Hunters AI gives its users reliable detection and investigation capabilities, especially when they orchestrate the solution's functionality from Mindflow, so they can move on to the containment and remediation phases.
