This update was originally published in July 2023.
We’re glad to inform you that Hunters’ improved Threat Clustering abilities will be out of Beta status and released to all users on August 16, 2023.
Security teams spend enormous amounts of time triaging, investigating, and managing hundreds of alerts each day, many of which are near-identical and share similar root causes, resulting in inefficient, and often frustrating, triage work.
Threat Clustering is a threat-centric approach to grouping, investigating, managing, and analyzing leads based on similarities in malicious intent, impact, and/or context. By reducing Time-to-Triage and Time-to-Know, security teams can scope and mitigate attacks more quickly, applying lessons learned from previous investigations and the mitigation steps taken for similar past events.
Learn more about the threat clustering methodology.
What to expect
Starting August 16th, the Hunters platform will look and feel different, as we are launching new views and designs for some of its pages.
The Leads page
Starting August 16th, the Leads page will show all leads aggregated into clusters and grouped by detector. To investigate leads, expand the detector group, inspect the cluster and its context group, and drill down into the individual lead.
Learn more about how clusters appear on the Leads page.
The SOC Queue
The SOC Queue lets you choose between the Unclustered view and the Clustered view. To use the clustered view, switch the view toggle to Clustered. You can also adjust the timeframe filter to include older alerts in the clustering, and use the sort and filter options to customize the queue as needed.
Learn more about how clusters appear on the SOC Queue.
New Cluster Details panel
Clicking on a cluster opens the Cluster Details panel. This panel summarizes the cluster, providing status and classification statistics, cluster information, a lead grid, quick actions, and more, so that you can quickly review all of the leads in the cluster and triage them.
Learn more about the Cluster Details panel.
Triage Booster indication
To show you how threat clustering affects your efficiency, we've added the Triage Booster indication.
Working with threat clustering improves your efficiency and reduces the time spent on triage and investigation. The platform shows you, both globally and per cluster, how much time and effort you are saving by using threat clustering.
Learn more about how we calculate this.
Additional resources
To learn more about how to work with threat clusters, try these useful articles: