Skip to main content

Proactive Threat Hunting

Download With Dependencies

The XSOAR Threat Hunting Pack enhances analyst capabilities by leveraging threat intelligence to uncover previously undetected threats, empowering proactive identification and mitigation of potential security risks.

What does this pack do?

The "Proactive Threat Hunting" pack for Cortex XSOAR enables users to initiate threat hunting sessions with the primary goal of identifying undetected threats within their environment. Hunting session summary will be displayed in the new "Threat Hunting" dashboard. This pack supports two distinct hunting methods:

  • SDO Hunting: Users can build hypotheses around specific STIX Data Object (SDO) indicators such as Campaigns, Intrusion Sets, or Malware. The pack allows for the search of Indicators of Compromise (IOCs) related to the selected SDO indicator, as well as the identification of tools and tactics used in the corresponding attack pattern.
  • Freestyle Hunt: This method empowers threat hunters to execute custom queries, upload their own IOCs, and conduct comprehensive searches and data enrichment on entities within the environment.
    Additionally, both hunting methods in the pack offer the capability to take remediation actions directly from the hunting session layout. This includes the ability to block IOCs, isolate endpoints, block accounts, and quarantine files, providing a holistic approach to threat hunting and response.
    Overall, the "Proactive Threat Hunting" pack enhances Cortex XSOAR's capabilities by allowing security teams to proactively explore and identify potential threats, providing a powerful toolset to enhance the organization's cybersecurity posture.

PUBLISHER

PLATFORMS

Cortex XSOAR

INFO

CertificationRead more
Supported ByCortex
CreatedNovember 19, 2023
Last ReleaseNovember 28, 2024
Hunting
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.