Automated Forensic Analysis

Automated Forensic Analysis

No question or IOC needed, hunting from nothing 

Automatically detects all types of threats and the potential risks

Automatical security posture measurement

Automatical behavior analysis on suspicious file/URL

Fully automated with FW/IPS/SIEM/EDR alerting systems

Easy to Understand

Easy to Understand

Designed for easy to drill down to the details

List key indicators (ATT/CK) with link to Mitre's articles

Executive view with clear prioriy list from triage result

Hunting results displayed on AlienVault

Support on-premise and cloud deployment

Powerful

Powerful

Detects APT, ransomware, backdoors, rootkits and hidden downloaders

Detects unusual network connections

Uncovers past abnormal activities

Discovers potential risks from misconfiguration

Easy to Use

Easy to Use

Point and click ad-hoc threat hunting, online/offline

Input FW/IPS logs to start hunting on all alerted systems 

Script to start hunting from SIEM or EDR (Cylance) events

Can be scheduled for proactive hunting/health checking periodically

T<span style="color:#c0392b">X</span>HUNTER

Performs Endpoint Forensic Investigations Remotely

TXHunter provides an easy to use and convenient tool for conducting threat incident investigations remotely. If any endpoint system or server is suspected of having been attacked, TXHunter can simply take a snapshot of the suspicious system and automatically conduct an incident investigation. If the investigation process identifies suspicious files or URL links, it will automatically launch the TXSandbox for a behavior analysis. 

One of the key benefits of TXHunter is that it reduces the required skill level to do advance attack and malware analysis, speeds up the analysis process and helps identify advanced threats which can bypass the core defenses.

HOW DOES IT WORK?

Step 1 – Download the disposable one-time agent and run it on the target system

Step 2 - Collect data from the system and send to TXHunter server

Step 3 – Forensic analysis on collected data, and may request additional suspect objects from the target system

Step 4 – Generate a report includes verdicts and security posture measurement

More...
HOW DOES IT WORK?
WHAT DOES TXHUNTER COLLECT?

WHAT DOES TXHUNTER COLLECT?

TXHunter automatically collects system, process, network, autorun, event, policy, file, and kernel information from the system being investigated. This data is analyzed for suspect activities and any associated file objects found are uploaded to the server for full dynamic analysis.

More...

DEPLOYMENT

TXHunter supports flexible on-premise deployments for maximum data protection and confidentiality, where the only external communications used are queries to customer configurable external threat intelligence sources. Private and Public Cloud hosting options are also available such as for AWS.  It doesn’t require Microsoft Windows licenses which can save considerable costs for large deployments.

More...
DEPLOYMENT