Examine detectors

  • Updated on Apr 30, 2025
  • Published on Oct 19, 2023

Hunters allows you to view and examine all of the available detectors in the system on the Detectors page. This comprehensive list of detectors includes Hunters detectors, custom detectors, and third party detectors. You can use the filters and search bar to find specific detectors.

image.png

View detectors

To view the entire list of available detectors in the system, navigate to Knowledge Center > Detectors.

Navigate to Detectors

📘Understand the Detectors page

  • Different types of detectors will have an indication as to their source:

    • Hunters Detectors - detectors developed and implemented by Hunters' security content teams.

    • Third Party - Detections arriving from the integration of different vendors and data sources.

    • Custom Detectors - Detectors created by you.

      image.png

  • For each detector, the page will display the detector name, status, description, data sources, base confidence, alert threshold, # of leads, alerts and clusters created by the detector, and Custom Scoring rules if exist.

Download detectors report

You can download a detailed Detectors csv report that provides more information about each detector.

To download the Detectors csv report:

  1. Navigate to Knowledge Center > Detectors.
     Navigate to Detectors

  2. Click Export to CSV.
     Detectors - export to csv

📘Understand the Detectors report

The report includes the following columns (among others):

Alert Settings columns:

  • Default Alerts Enabled - signifies whether this detector can generate alerts, according to Hunters default alert settings.

  • Default Confidence Threshold - signifies from which confidence level this detector can generate alerts, according to Hunters default alert settings.

  • Customer Alerts Enabled - signifies whether this detector can generate alerts, according to the customer’s alert settings override. This takes precedence over the Hunters default alert settings.

  • Customer Alerts Threshold - signifies whether this detector can generate alerts, according to the customer’s alert settings override. This takes precedence over the Hunters default alert settings.

  • Final Alerts Enabled - indicates the final status of the alert settings (taken from customer settings if available, else from Hunters default alert settings).

  • Final Alerts Threshold - indicates the final confidence threshold of the alert settings (taken from customer settings if available, else from Hunters default alert settings).

Data Sources columns:

  • Possible Data Source(s) - exposes which data sources this detector can run on.

  • Active Data Source(s) - exposes which data sources (which are currently connected to the customer environment) this detector can run on.

Identifier columns:

  • ID - the internal ID of the detector.

  • Open API ID - the external ID of the detector (relevant for custom detectors API management).