July 2023 (2)


Threat Clustering (Beta) underwent significant changes and improvements, both in usability and visuality, based on Beta testers' experience with the feature.

About the Threat Clustering concept

Security teams spend enormous amounts of time triaging, investigating, and managing hundreds of alerts each day, many of which are near-identical and share similar root causes, resulting in inefficient and often frustrating triage work.

Threat Clustering is a threat-centric approach to grouping, investigating, managing, and analyzing leads based on similarities in malicious intent, impact, and/or context. By reducing Time-to-Triage and Time-to-Know, security teams can scope and mitigate attacks more quickly, applying lessons learned from previous investigations and the mitigation steps taken for similar past events.

Learn more about the threat clustering methodology.

What changed?

A cleaner way to scan clusters


The cluster representation in the SOC Queue or Leads page is now clearer than before, while still providing critical information about the cluster: its risk score, the WHAT or WHO detected by the leads in the cluster, the number of leads in the cluster, the timeframe in which the cluster's leads were first and last seen (within the selected timeframe), the detector name, and more.

Learn more about the cluster structure.

Inspecting a sample lead quickly


We’ve added a quick link to a sample lead, which opens the most recent lead added to the cluster (in the selected timeframe) so you can examine it as a specimen before deep-diving into the lead details.

Learn more about investigating clustered leads.

Completely new Cluster Details panel

The Cluster Details panel was revamped and now sports a cleaner look and more useful information about the cluster. We’ve added status and classification statistics, reorganized the cluster information section, and added a lead grid at the bottom so you can quickly review and triage all of the leads in the cluster.


Learn more about cluster details.

Understand the benefits

To help you see how threat clustering affects your efficiency, we’ve added the triage booster indication.


Working with threat clustering improves your efficiency and reduces the time spent on triage and investigation. The platform shows you, both globally and per cluster, how much time and effort you’re saving by using threat clustering.

Learn more about how we calculate this.

📘 Want to try?

To become Threat Clustering Beta testers, reach out to your Hunters rep.