Infocyte HUNT version 3.1, Available for Upgrade
While finalizing our major 3.0 release this summer, we met with several partners and customers to discuss design changes to our reporting in Infocyte HUNT. We wanted to understand how to best present the three core elements of Infocyte’s threat hunting platform: Threats, Vulnerabilities, and Assets (Hosts and Applications).
Customers and partners indicated they needed reports to be:
- Meaningful to leadership and executives
- Detailed enough for our users to act on the report
We are proud to announce major progress on this promise with Infocyte HUNT version 3.1, available immediately for upgrade on the Infocyte Support Portal. Release Notes are summarized below:
3.1 What’s New
New Report Types
Users now have access to several expanded report types:
- Latest Threat Reports
- Vulnerability Reports
- Asset Reports (hosts and applications)
Each report has dynamic areas for a security analyst’s executive summary, analytics, statistics, and the individual findings presented in a format controlled by the user. Most reports are made up of the data, enrichment, flagging, and analyst notes that appear in the Analysis Page — try adding notes to your findings and starring them for inclusion in your next report.
New reports available include:
- Threat Report, by Host – Lists all threats found (“Bad” or flagged by an analyst as “Verified Bad”) for each host
- Threat Report, by Threat – Lists all threats found (“Bad” or flagged by an analyst as “Verified Bad”) by unique hash
- Vulnerability Report – Lists all vulnerable applications found and the advisories (CVEs) for each.
- Asset Report, Hosts – Summarizes and lists all systems found and their accessibility status by Infocyte for the selected Target Group. This report is comprised of Discovery page data.
- Asset Report, Applications – Summarizes and lists all systems and installed applications. This report shows collected data from the Analysis Page.
New Reports Manager
In addition to new report types, version 3.1 also has a new report generator and reports manager. You can now generate and save your own custom reports. Reports are generated via a background task and automatically notify you when they’re ready. These reports are a snapshot of the analyzed data at report time; if an executive summary needs to be changed, it can be loaded and re-saved. If new analysis data is available, simply generate a new report to reflect the new state.
Try generating a couple of different reports and let us know what you think!
In our early summer release, we added vulnerability and advisory lookups to the installed applications list — released with a “beta” tag while we collected additional data on how our algorithm would fare “in the wild.”
Our engine differs from many vulnerability scanners in that we don’t use large rule sets built by vulnerability signature teams. Instead, we rely on algorithmic matching to account for the various ways software is represented once installed and match it to the available details for reported vulnerabilities (e.g. published CVE data). This requires a lot of data processing and we are, for the most part, restricted to what our customers voluntarily share with us (for which we are very appreciative 😉).
With 3.1, we have fine-tuned the matching algorithm and built bridge tables to iron out inconsistencies in the vulnerability databases we use. Unfortunately, not all vulnerabilities are reported to the public with equal diligence to criteria and format, which left us with more false positives than we wanted. With the new vulnerabilities tuning, you’ll see significantly fewer — but more accurate — application vulnerabilities being reported.
We are monitoring the effectiveness of our matching algorithm to ensure accuracy and low noise, so please let us know if you see anything that raises questions.
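The matching approach described above (normalizing how installed software is named, routing those names through a bridge table to the canonical vendor/product used by advisory data, and then tolerating the inconsistent ways advisories phrase their affected-version ranges) can be illustrated with a small self-contained script. This is an added example, not Infocyte’s code or algorithm; the inventory records, advisory entries (the `ADV-000x` identifiers are placeholders, not real CVEs), and bridge table are all constructed for the demonstration.

```python
import re

# ---- Constructed sample data (illustrative only, not real CVE records) ----

# Installed-application inventory as an endpoint agent might report it.
INVENTORY = [
    {"host": "ws01", "name": "Java 8 Update 181 (64-bit)", "version": "8.0.1810.13"},
    {"host": "ws01", "name": "Apache HTTP Server 2.4.39 (x64)", "version": "2.4.39"},
    {"host": "srv02", "name": "Apache Tomcat 9.0.12", "version": "9.0.12"},
    {"host": "srv02", "name": "Java SE Development Kit 11.0.2", "version": "11.0.2"},
    {"host": "srv02", "name": "Contoso Widget Manager", "version": "3.1"},
]

# Advisory feed showing the kind of inconsistent "affected" phrasing seen in practice.
ADVISORIES = [
    {"id": "ADV-0001", "vendor": "oracle", "product": "jre", "affected": "< 8.0.1910"},
    {"id": "ADV-0002", "vendor": "apache", "product": "http_server", "affected": "2.4.0 through 2.4.39"},
    {"id": "ADV-0003", "vendor": "apache", "product": "tomcat", "affected": "9.0.0 - 9.0.11"},
    {"id": "ADV-0004", "vendor": "oracle", "product": "jdk", "affected": "11.0.1, 11.0.2"},
]

# Bridge table: normalized inventory display name -> canonical (vendor, product)
# key as used by the advisory data. Hypothetical mappings for this example.
BRIDGE = {
    "java update": ("oracle", "jre"),
    "java se runtime environment": ("oracle", "jre"),
    "java se development kit": ("oracle", "jdk"),
    "apache http server": ("apache", "http_server"),
    "apache tomcat": ("apache", "tomcat"),
}


def parse_version(text):
    """Turn '8.0.1810.13', '2.4.39' or ' 11.0.2' into a tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def cmp_versions(a, b):
    """Compare version tuples, padding the shorter with zeros so 2.4 == 2.4.0."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def normalize_name(raw):
    """Strip architecture tags and embedded version numbers from a display name."""
    name = raw.lower()
    name = re.sub(r"\((?:x64|x86|64-bit|32-bit)\)", " ", name)  # arch tags first
    name = re.sub(r"\d+(?:\.\d+)*", " ", name)                   # then version digits
    return re.sub(r"\s+", " ", name).strip()


def parse_affected(text):
    """Normalize the different ways an advisory states its affected versions."""
    text = text.strip().lower()
    m = re.match(r"^(<=|<)\s*([\d.]+)$", text)                    # "< 8.0.1910"
    if m:
        return {"kind": "range", "low": None, "high": parse_version(m.group(2)),
                "high_inclusive": m.group(1) == "<="}
    m = re.match(r"^([\d.]+)\s*(?:through|thru|to|-)\s*([\d.]+)$", text)  # "a through b"
    if m:
        return {"kind": "range", "low": parse_version(m.group(1)),
                "high": parse_version(m.group(2)), "high_inclusive": True}
    if "," in text:                                               # "11.0.1, 11.0.2"
        return {"kind": "list", "versions": {parse_version(v) for v in text.split(",")}}
    raise ValueError(f"unrecognised affected-version format: {text!r}")


def is_affected(version, spec):
    if spec["kind"] == "list":
        return any(cmp_versions(version, v) == 0 for v in spec["versions"])
    if spec["low"] is not None and cmp_versions(version, spec["low"]) < 0:
        return False
    c = cmp_versions(version, spec["high"])
    return c < 0 or (c == 0 and spec["high_inclusive"])


def match_inventory(inventory, advisories, bridge):
    """Return (matches, unmatched). Apps with no bridge entry are never fuzzy-matched;
    they are handed back for analyst review instead, which keeps false positives down."""
    matches, unmatched = [], []
    specs = [(adv, parse_affected(adv["affected"])) for adv in advisories]
    for app in inventory:
        key = bridge.get(normalize_name(app["name"]))
        if key is None:
            unmatched.append(app)
            continue
        version = parse_version(app["version"])
        for adv, spec in specs:
            if (adv["vendor"], adv["product"]) == key and is_affected(version, spec):
                matches.append((app["host"], app["name"], adv["id"]))
    return matches, unmatched


if __name__ == "__main__":
    found, review = match_inventory(INVENTORY, ADVISORIES, BRIDGE)
    for host, name, adv_id in found:
        print(f"{host}: {name} -> {adv_id}")
    for app in review:
        print(f"{app['host']}: {app['name']} -> no bridge entry, needs review")
```

The two points worth noting are the ones the release notes call out: the bridge table is what keeps “Apache Tomcat” from ever being compared against an HTTP Server advisory, and the tolerant `parse_affected` is what lets “< 8.0.1910”, “2.4.0 through 2.4.39” and a comma-separated list all be evaluated the same way. Anything the bridge table does not recognise is surfaced for review rather than matched on a guess.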
Beta Test Program
We are continuously improving the quality of our cyber threat hunting platform, products, and services.
Please let us know if you have any questions, new feature suggestions, or comments you would like to share. If your organization is interested in preview releases as part of our Beta Program, send us a note and we’ll see if there is a match.