The XDR your SOC Needs
Hunters XDR elevates security stacks to detect threats at greater depth and scope, transforming petabytes of organizational data into attack findings.
Detection and Response at an Attacker's Pace

Flexible Ingestion
Connect data easily to start generating insights.


Threat Signal Extraction


Investigation and Scoring


Correlation


Actionable Attack Stories

Use Cases
01
Create account on Hunters’ open XDR platform

02
Connect your stack with a few simple clicks
03
Gain access to Hunters’ Knowledge Graph to:

USE CASE 1
USE CASE 2
USE CASE 3
Optional managed Threat Hunting and IR services
Competitive Comparison

Columns: SIEM | Single-Vendor / Closed XDR | Open XDR

Cloud based and scalable
  SIEM: No
  Single-Vendor / Closed XDR: Yes
  Open XDR: Yes

Ingestion

Data sources support
  SIEM: Limited analysis support to a variety of data sources
  Single-Vendor / Closed XDR: Good analysis support for a vendor-limited products group
  Open XDR: Deep analysis across 7 best-of-breed product categories, APIs and static tables

Data sources ingestion
  SIEM: Hard; requires extensive implementation
  Single-Vendor / Closed XDR: Easy
  Open XDR: Easy. Few clicks via a SaaS

Out-of-the-box detectors and alerts
  SIEM: No. Limited to a set of generic use cases. Requires extensive implementation
  Single-Vendor / Closed XDR: No. Limited to vendor stack
  Open XDR: Yes. Out-of-the-box detectors; no implementation or tuning needed

Detection

Detectors updates
  SIEM: No. Requires daily efforts from engineering and SOC analysts
  Single-Vendor / Closed XDR: Yes
  Open XDR: Yes. Continuously updating and adding detectors according to latest attacks and threat analysis

Attack surface coverage
  SIEM: Limited coverage, minimal cloud coverage
  Single-Vendor / Closed XDR: Extended coverage, vendor-limited
  Open XDR: Multiple attack surfaces coverage: enterprise network, cloud environments, endpoint, SaaS, and more

Investigation

Automatic investigation
  SIEM: No. Manual
  Single-Vendor / Closed XDR: Yes. Limited to vendor-specific products
  Open XDR: Yes. Out-of-the-box enrichments and investigation playbooks

Scoring of threat signals
  SIEM: No. Manual daily triage of hundreds of alerts and false positives
  Single-Vendor / Closed XDR: Yes
  Open XDR: Yes. ML based scoring points to the interesting threat signals

Correlation

Threat signals correlation
  SIEM: No. Log correlation only. Limited because different logs work in different semantics
  Single-Vendor / Closed XDR: Partial
  Open XDR: Yes. Recursively extracting entities and correlating them on a graph to find highly suspicious attack stories

Weak signals coverage
  SIEM: Included with no context
  Single-Vendor / Closed XDR: Not necessarily included
  Open XDR: Included and contextualized

Alerting
  SIEM: Many alerts and false-positives
  Single-Vendor / Closed XDR: Fewer alerts
  Open XDR: No singular alerts. Highly correlated findings

Packaging

High fidelity incidents
  SIEM: Not included
  Single-Vendor / Closed XDR: Not included
  Open XDR: Included

Cost
  SIEM: Based on data volumes. Requires hiring
  Single-Vendor / Closed XDR: Based on storage. Premium pricing from existing products
  Open XDR: Fixed charge. Does not require hiring
Hunters FAQ

Hunters XDR doesn’t provide alerts, but high-fidelity incident reports that expose threats and risks and outline a complete attack story, including timeline, path, target, impact and required remediation steps.
Yes, Hunters’ extraction engine can detect known IOC and vulnerability signatures, as well as behavioral attack signatures that require context and advanced analytical capabilities.
Hunters XDR detects attacks as they happen, and provides near real-time findings from the very early stages of an attack operation.
Yes, the Hunters team constantly researches new attack TTPs (Tactics, Techniques and Procedures), and develops effective hunting methods to intercept those. The solution is being automatically updated with hunting methods for the latest attack techniques.
Hunters’ deployment is swift and agentless. The solution is cloud based and connects with your existing environment.
Not necessarily, but it is recommended. You can either bring your own, or utilize Hunters’ integration with Snowflake.
No, Hunters XDR is cloud based, uses an agentless technology, and does not require anything deployed on the endpoints aside from your existing EDR solution.
No. Hunters XDR also utilizes SIEM feeds, and works very differently from a SIEM:
- Hunters is focused on proactive detection; picking up weak, overlooked signals
- Hunters is a machine-led solution, while SIEM requires many human resources
- SIEM solutions create many alerts and few findings; Hunters is focused on high confidence findings
- Hunters connects and ingests raw, big data, proactively looking for attack TTPs
- Hunters interconnects sparse organizational data sources and security telemetry
- Combining Hunters with your security data lake can lead to better results than SIEM alone
Yes, you can! Hunters XDR will deliver its attack findings into SIEM/SOAR/Ticketing systems.
Preferred: Supported EDR logs, Cloud IaaS logs, Identity provider logs, Security gateway logs
