Threat hunting doesn't have to be complicated and doesn't require 10+ years experiences. TXHunter has made threat hunting so easy that everyone can do it. With TXHunter you can always get consistent result, no matter who performs the threat hunting.

Threat hunting doesn't have to wait for alert. Proactive threat hunting has been proven more effective to detect potential threat before attack. TXHunter's proactive threat hunting capability helps organization find vulnerabilities way before attack. What one is needed to do is to schedue TXHunter to perform threat hunting on daily or weekly basis, no need to wait for alert or event to trig.  

  • TXHunter built-in proactive threat hunting capability lets you schedule a routinely hunting on daily or weekly basis. You never need to wait for alert or even happens, find out potential threats and weakness before attack.
  • TXHunter's threat hunting goes deep and wide. It checks every currently running process and past ran process, their digital signature and their access to files, networks and registries. Even if a malware runs and disappears, TXHunter can explore its trace, even if the file has been deleted.
  • TXHunter investigates every aspect of system and applications that related to security sensitivities, and evaluates any changes made to those areas. If the change could lead to a potential threat or weakness, you will get detail report on it. Changes are compared with the baseline and last hunting result, as well as compare with other nodes. Each of such change is evaluated against security high standards.
  • TXHunter also checks system and application mis configuration. Many security breaches were led by mis configuration. Detecting and fixing the mis configuration issue at the earliest possible stage so that you can keep the system more secure.
  • TXHunter integrated with AV engine. When it hunts, it will also invoke AV scan process. You have an option to perform a full scan or quick scan. If you run Windows 10 and up, Windows Defender is called up for a quick scan during hunting time. You will also see Defender's status and reports.
  • TXHunter also checks DNS and network activities during hunting time. Any new connections or abnormal network traffic will be evaluated. The network suspicious activity and the associated process name/ID is reported. If TXShield is installed, you can isolate the endpoint from network for further mitigation need.
  • TXHunter scans IOC during hunting time. It has included over 30k+ IOCs published weekly. You can also upload your own IOCs for threat hunting. The IOC query capability is a fast and easy way to quick check if the endpoint system has been compromised or not. It can be identified by file's hash (md5, sha1 or sha256), ip address and port, url or dns, registry, process name, etc.
  • TXHunter allows user upload firewall logs for threat hunting. It will parse firewall log line by line, figure it out if an endpoint needs to be investigated.  This is easiest way to close the loop, not only highlight what has been detected on the wire, but also confirm if the endpoint has been attacked or not, so that you have the completed view from network and endpoint itself.
  • TXHunter checks into email inboxes for email born threat during hunting time. If you want to find out email phishing content, or malicious attachment, it's easy to instruct TXHunter to inspect each and every email inbox. The measurement can be done through email address from/to, email subject, email attachment file name or hash, etc., and the action can be query only or delete. 
  • TXHunter also checks all unknown executables that might be downloaded from website or USB. If it is not digital signed, it will be sent to AV scan, if not find result, it will then sent to embedded sandbox for behavior analysis. This is why TXHunter can find malicious file even if the file has not executed or complete unkown malware.
  • TXHunter performs auditing during hunting time. When you perform a threat hunting on the endpoint, it will automatically scan the system against NIST800-53, NIST800-171, STIG, CIS and Microsoft Windows baseline to check the compliance. It lists the auditing results in a simple table for easy view. 
  • All TXHunter results are presented in json format. You can easily pull them into your big data platform for data mining or integration. It has built-in syslog interface so that result can be streaming into your syslog server. TXHunter supports restful API for integration.
  • TXHunter has an unique IOD feature (Indicator of Defference). This is our invention. It highlights what has been changed to the system since last hunt or since last base line made. Each of such change is evaluated against the security high standard. If the change has made the system less secure, you will see a red check, if the change makes the system more secure, a green check, and if no change is made, you see a grey bar. This IOD shows you a very efficient and easy way of your system's secure posture. It is also a good way for IT help desk to quickly identify the possible cause of the troubleshooting issue.
Ad hoc ondemand hunting

Ad hoc ondemand hunting

Whenever you need to investigate a computer system, without install any permenate agent, you can download TXHunter ondemand agent to perform a threat hunting as ad hoc operation. It's very simple and easy, just following these steps:

  • Login TXHunter portal, goto download page, select Ondemand agent type, and click on download.
  • Once the agent is downloaded, abstract it into any folder.
  • Goto the abstracted folder, find txhunter.exe, right mouse select it and run it as Administrator.
  • Goto TXHunter portal page, select Investigation Center, you should see the new hunting is progressing, 30%.
  • Once it is done, usually wait for a couple of minutes, a clickable View button is showing up.
  • Click on View to bring up the report page, you shall see the hunting result in simple report format.
  • The ondamd agent will clean itself up after hunting process is completed. Nothing is installed on the endpoint system.
More...