Threat Hunting
User Investigator

Entity Inspector

The Entity Inspector is a sub-tool of the Asset AutoDiscovery module. It provides in-depth analytics and details about a selected asset.
The Asset Summary contains details such as the device's IP address, MAC address, last login details, and device category. It also shows whether the device is managed or unmanaged and whether it has endpoint security in place.

Shadow 360

Shadow 360 gives complete visibility into any activity that raises a flag. Any anomalous trigger can be studied in depth through a specter graph, which shows the history of fluctuations in user activity. This allows the analyst to determine the criticality of any event, whether past or present.
Shadow 360 has advanced time-series analytics that use a Session Data model, also known as session serialization. It automatically stitches together incident timelines, including both normal and abnormal user activity, for all threats detected. This reduces the manual effort security analysts spend on investigations and increases their productivity. Each entity in the organization is linked and correlated with the kill chain stage it is in, so the analytics can act predictively to block a future breach. The security analyst can then act to stop an attack before it actually takes place.