This page contains information about new content released in the last month, and improvements and bug fixes to existing content.
This information, and information about all existing content, can also be found in the Knowledge Center in the Hunters portal.
Suspicious Registry Run Key Was Written
Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Suspicious Run Keys model
Completes the run key leads by building a more dedicated score from an analysis of the flags found in each lead.
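As an added illustration of flag-based scoring for run key writes (not Hunters' detector or model), the sketch below matches registry value-set events against the standard Run/RunOnce keys and sums per-flag weights. The event field names (modelled on Sysmon Event ID 13), the flags, the weights and the threshold are all assumptions, and the sample events are constructed.

```python
import re

# Standard Windows autostart "run keys": per-machine (HKLM) and per-user (HKCU, HKU\<SID>).
RUN_KEY = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\Software\\(WOW6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Hypothetical flags and weights (assumptions for illustration, not the product's model).
FLAGS = {
    "user_writable_path": (re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I), 30),
    "script_host": (re.compile(r"\b(powershell|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b", re.I), 30),
    "encoded_command": (re.compile(r"\s-e(nc(odedcommand)?)?\s", re.I), 25),
}

def score_run_key_write(event):
    """Return (score, flags) for a registry value-set event, or None if it is not a run key."""
    if not RUN_KEY.match(event["target_object"]):
        return None
    hits = [name for name, (rx, _) in FLAGS.items() if rx.search(event["details"])]
    return min(100, sum(FLAGS[name][1] for name in hits)), hits

def leads(events, threshold=30):
    """Keep run key writes whose score reaches the threshold, highest score first."""
    scored = [(score_run_key_write(e), e) for e in events]
    out = [(r[0], r[1], e["target_object"]) for r, e in scored if r and r[0] >= threshold]
    return sorted(out, key=lambda lead: -lead[0])

# Constructed sample events (not real telemetry); "details" is the value data written.
SAMPLE_EVENTS = [
    {"target_object": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "details": r"%windir%\system32\SecurityHealthSystray.exe"},
    {"target_object": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\alice\AppData\Local\Temp\upd.exe"},
    {"target_object": r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Start",
     "details": r"wscript.exe C:\Users\Public\start.vbs"},
    {"target_object": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayName",
     "details": "Foo"},
]

if __name__ == "__main__":
    for score, flags, key in leads(SAMPLE_EVENTS):
        print(score, flags, key)
```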
Improvements and Bugfixes
hostname travel_by based on hostname_to_agent_id DrillDown. We won't travel_by hostname if we see many different EDR agents on this IP (like VDI or Citrix XenApp).
domain_categories field, which classifies a domain into a category, to the detectors:
DNS Server Data Exfiltration
Cobalt Strike DNS Beacon Detected
Tuned the scoring model of vulnerability management findings.