You asked and the Intel 471 engineering team delivered. As a HUNTER471 customer utilizing the Hunt Management Module (HMM), you can now “bring your own” (BYO) threat hunting content to the HUNTER471 threat hunting platform. This enhancement enables your threat hunting team to map your hunt queries and activities to our tried-and-tested methodology for managing hunts and measuring hunt performance metrics that matter to your organization.
BYO hunt content is an enhancement to the HUNTER471 HMM, an industry-leading centralized hunt management framework that enables consistent and repeatable hunt practices, whether you’re using hunt packages created by your internal teams or one from the HUNTER471 platform’s expanding library of hunt packages that our expert hunters create. With this latest Hunt Management Module enhancement, users of the HMM can add their own contextual threat intelligence, analyst notes, and research to their custom hunts in line with the HUNTER471 methodology. The HMM enables hunt leaders to assign, track, and manage hunts, store and manage hunt queries and findings, and measure key hunt performance metrics that demonstrate return on investment for hunt activity.
Threat hunting teams now can maximize their internally built hunt packages that focus on the approximate 10% of threats unique to their organization, industry, or a localized risk. This enhancement is a game-changing complement to the HUNTER471 hunt packages that address up to 90% or so of emerging and ongoing threats. HUNTER471 hunt packages created by our threat hunters have been verified by our experts to identify advanced behaviors, threats, and tactics, techniques and procedures (TTPs) that have bypassed reactive detection methods. Each package contains pre-validated queries that hunters can deploy within minutes on most major EDR, NDR, and SIEM platforms, helping them hunt down emerging threats and widely used malicious behaviors in their environment faster.
How does BYO hunts work on HUNTER471?
BYO hunt content allows customers with the HMM to keep all their hunt findings, evidence, and remediation in one place where they can leverage the module’s metrics and reporting for their hunt content and our hunt packages. Customers can align their BYO hunt content with the contextual intelligence and documentation we continually update in our HUNTER471 hunt packages, such as up-to-date threat intelligence and new TTPs, tactical runbooks, contextual information, and documentation our threat hunters provide to guide analysts throughout the hunt lifecycle. Just like our HUNTER471 packages, customers can also tag custom hunt packages with threat actors and map them to MITRE ATT&CK techniques.
All custom hunt content will be included in the HMM’s Hunt Module Dashboard, Reports, and Metrics, enabling teams to quickly view hunt performance metrics, such as activity, packages used, and threat actor and technique findings. Customers can create custom Hunt Templates, and then either add their content alongside HUNTER471 hunt packages or create net-new Hunt Templates based on their hunts. After creating a custom hunt package with their own hunt queries, customers can then add their context and content to their packages as outlined in the images further below.
Customers are presented the same hunt methodology the HUNTER471 hunt team uses to apply the following information:
- Query Logic per HUNTER471 support Tool
- Deployment Requirements
- Contextualized Intelligence:
- Actors, Malware, Severity
- MITRE ATT&CK TTP, Kill Chain, Diamond Model
- Threat Category, Target OSes
- Analyst Notes, Threat Descriptions
- Reference Links
- Response Actions
- Analyst Runbook
- Mitigation Recommendations
This update to the Hunt Management Module is another in our ongoing support of customers that want to bring their own content to the HUNTER471 platform. Stay tuned for further developments in early 2025!
