Threat hunting and detection engineering go hand in hand. Tailored hunting queries are great starting points for custom detections. We have a library of proven detections we can customize and deploy in your environment. Example detections include:
- Administrative actions initiated by users, or from systems, that should never perform them
- Creation of suspicious services in your environment
- Lateral movement through methods not used by your admins
- Access to administrative shares from non-admin systems
- Dual-use tooling not in your approved software list
- Tampering with security controls
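To make the list concrete, here is an added example (written for this page, not code from the vendor's detection library) that implements three of the detections above as Python rules and runs them over a handful of constructed Windows events. Field names follow Security event 5140 (network share accessed), System event 7045 (service installed) and Security event 4688 (process created), but every record and every baseline value (admin jump hosts, admin accounts, approved tools) is made up for illustration.

```python
"""Three of the detections listed above, run over constructed event samples.

Added example: this is not the vendor's detection library. Field names follow
Windows events 5140 (share access), 7045 (service installed) and 4688 (process
creation), but every record and baseline value below is constructed.
"""
from dataclasses import dataclass

# Constructed baseline for a hypothetical environment: the "known good" each
# rule compares against. In practice this comes from the asset inventory and
# the approved-software list, not from hard-coded sets.
ADMIN_HOSTS = {"10.0.5.10", "10.0.5.11"}                 # jump hosts admins work from
ADMIN_USERS = {"alice.adm", "bob.adm"}
ADMIN_SHARES = {"ADMIN$", "C$", "IPC$"}
APPROVED_SERVICE_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")
DUAL_USE_TOOLS = {"psexec.exe", "mimikatz.exe", "nmap.exe", "procdump.exe"}
APPROVED_TOOLS = {"psexec.exe", "nmap.exe"}              # dual-use, but approved here


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    detail: str


def _basename(path: str) -> str:
    """'C:\\Tools\\PsExec.exe' or '\\\\*\\C$' -> last path component, lower-cased."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def detect_admin_share_access(events):
    """Access to administrative shares from non-admin systems (or non-admin users)."""
    alerts = []
    for e in events:
        if e.get("EventID") != 5140:
            continue
        share = _basename(e["ShareName"]).upper()
        if share not in ADMIN_SHARES:
            continue                                     # ordinary file share, not interesting
        src, user = e["IpAddress"], e["SubjectUserName"]
        if src not in ADMIN_HOSTS or user not in ADMIN_USERS:
            alerts.append(Alert("admin_share_from_non_admin_system", e["Computer"],
                                f"{user} from {src} opened {share}"))
    return alerts


def detect_suspicious_services(events):
    """Service creation whose binary lives outside the directories services come from."""
    alerts = []
    for e in events:
        if e.get("EventID") != 7045:
            continue
        # ImagePath may be quoted and may carry arguments; keep only the binary path.
        image = e["ImagePath"].lstrip('"').split('"')[0].lower()
        if not image.startswith(APPROVED_SERVICE_DIRS):
            alerts.append(Alert("service_from_unexpected_path", e["Computer"],
                                f"{e['ServiceName']} -> {e['ImagePath']}"))
    return alerts


def detect_unapproved_dual_use(events):
    """Dual-use tooling that is not on the approved software list."""
    alerts = []
    for e in events:
        if e.get("EventID") != 4688:
            continue
        exe = _basename(e["NewProcessName"])
        if exe in DUAL_USE_TOOLS and exe not in APPROVED_TOOLS:
            alerts.append(Alert("unapproved_dual_use_tool", e["Computer"],
                                f"{e['SubjectUserName']} ran {exe}"))
    return alerts


def run_detections(events):
    return (detect_admin_share_access(events)
            + detect_suspicious_services(events)
            + detect_unapproved_dual_use(events))


# Constructed sample events (not real logs); comments state the expected verdict.
SAMPLE_EVENTS = [
    {"EventID": 5140, "Computer": "fs01", "SubjectUserName": "alice.adm",
     "IpAddress": "10.0.5.10", "ShareName": "\\\\*\\ADMIN$"},      # admin from jump host: ok
    {"EventID": 5140, "Computer": "fs01", "SubjectUserName": "carol",
     "IpAddress": "10.0.22.77", "ShareName": "\\\\*\\C$"},         # workstation hitting C$: alert
    {"EventID": 5140, "Computer": "fs01", "SubjectUserName": "carol",
     "IpAddress": "10.0.22.77", "ShareName": "\\\\*\\Finance"},    # normal share: ok
    {"EventID": 7045, "Computer": "ws42", "ServiceName": "Defender Update",
     "ImagePath": "C:\\Users\\Public\\svchost.exe"},              # user-writable dir: alert
    {"EventID": 7045, "Computer": "ws42", "ServiceName": "Sysmon64",
     "ImagePath": "\"C:\\Windows\\System32\\Sysmon64.exe\" -i"},  # expected path: ok
    {"EventID": 4688, "Computer": "ws42", "SubjectUserName": "carol",
     "NewProcessName": "C:\\Tools\\mimikatz.exe"},                # not approved: alert
    {"EventID": 4688, "Computer": "ws42", "SubjectUserName": "bob.adm",
     "NewProcessName": "C:\\Tools\\PsExec.exe"},                  # approved dual-use tool: ok
]

if __name__ == "__main__":
    for a in run_detections(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.host}: {a.detail}")
```

The point of the example is the shape of each rule: a narrow event filter, then a comparison against an environment-specific baseline (admin hosts, approved paths, approved tools). The baseline is what makes the detection yours; the same rule with an empty or stale baseline either fires on every admin or on nothing.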