My team and I have been working to create more content highlighting what makes VASA the leading Machine Learning-based security analytics solution on the market today. To that end, I’m excited to share with you the first in a series of video demos showcasing VASA’s world-class threat hunting capabilities.
Here’s a rundown of what it covers. At the foundation of VASA’s threat hunting capability is the data it ingests and enriches in real time. This is stored in a high-performance, scalable database that returns query results rapidly across terabytes of stored data. Threat hunts can take one of three approaches using this query engine:
By creating a custom query from scratch
By using a saved query built by experienced security analysts or subject matter experts in your enterprise. (These can be particularly useful for first-level technicians.)
By using a query derived from the MITRE or Sigma repositories
The video provides examples of these approaches in action, though I want to say a bit more about number 3. Our out-of-the-box integration with MITRE and Sigma is one of the key ways threat hunting with VASA is set apart from other solutions. MITRE ATT&CK is an openly available knowledge base of adversary tactics and techniques covering every stage of an attack; specifically, we integrate with MITRE’s Cyber Analytics Repository (CAR), a collection of analytics mapped to ATT&CK techniques, which allows users to execute each of these detections to look for artifacts in their networks. Sigma is an open, vendor-neutral signature format for log events, backed by a community-maintained repository of detection rules in which contributed rules are tested before they are added. VASA regularly updates with new MITRE and Sigma hunts. With access to these ready-made hunts directly within VASA, our customers stay at the top of their game, seeing considerable improvements in their capabilities and efficiency.
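To make concrete what a Sigma rule contains and how a hunt "derived from the Sigma repository" gets evaluated against telemetry, here is an added example written for this post. It is not VASA code and not a rule from the Sigma repository: the rule (encoded PowerShell launched from a non-interactive parent) and the process-creation events are constructed for illustration, and the evaluator supports only the subset of the Sigma format the rule uses (field modifiers `contains`, `startswith`, `endswith`, list values OR-ed together, and `and`/`or`/`not` conditions). Real deployments use the Sigma project's converters to turn rules into a backend's native query language rather than evaluating them in Python.

```python
"""Minimal evaluator for a Sigma-style detection rule over constructed log events."""
from typing import Any, Dict, List

# Constructed rule, mirroring the layout of a Sigma rule (title, logsource,
# named selections plus a condition). Written for this example only.
RULE: Dict[str, Any] = {
    "title": "Encoded PowerShell command line from non-interactive parent",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],  # list = OR
        },
        # Hypothetical exclusion: launches from the interactive shell are tuned out.
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}


def _field_matches(value: Any, modifier: str, wanted: Any) -> bool:
    """Apply one Sigma-style modifier to a field value (case-insensitive, as Sigma is)."""
    if value is None:  # field absent from the event never matches
        return False
    text = str(value).lower()
    for w in (wanted if isinstance(wanted, list) else [wanted]):
        w = str(w).lower()
        if modifier == "contains" and w in text:
            return True
        if modifier == "startswith" and text.startswith(w):
            return True
        if modifier == "endswith" and text.endswith(w):
            return True
        if modifier == "" and text == w:  # no modifier: exact match
            return True
    return False


def selection_matches(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Every key of a selection map must match (AND semantics)."""
    for key, wanted in selection.items():
        field, _, modifier = key.partition("|")
        if not _field_matches(event.get(field), modifier, wanted):
            return False
    return True


def _eval_condition(cond: str, results: Dict[str, bool]) -> bool:
    """Evaluate 'and' / 'or' / 'not' / parentheses over named selection results."""
    tokens = cond.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def parse_or() -> bool:
        nonlocal pos
        val = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            rhs = parse_and()  # always consume the right-hand side
            val = val or rhs
        return val

    def parse_and() -> bool:
        nonlocal pos
        val = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            rhs = parse_not()
            val = val and rhs
        return val

    def parse_not() -> bool:
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not parse_not()
        if tok == "(":
            val = parse_or()
            pos += 1  # consume ')'
            return val
        return results[tok]  # KeyError on an unknown selection name

    val = parse_or()
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in condition: {cond!r}")
    return val


def rule_matches(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    det = rule["detection"]
    results = {name: selection_matches(sel, event)
               for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], results)


def hunt(rule: Dict[str, Any], events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return the events the rule fires on, i.e. the hunt's hits."""
    return [e for e in events if rule_matches(rule, e)]


# Constructed process-creation events (not real telemetry).
EVENTS: List[Dict[str, Any]] = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A",
     "ParentImage": "C:\\Windows\\System32\\wscript.exe"},      # hit
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand ZQBjAGgAbwA=",
     "ParentImage": "C:\\Windows\\explorer.exe"},               # excluded by filter
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},      # no encoded flag
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo -enc",
     "ParentImage": "C:\\Windows\\System32\\wscript.exe"},      # wrong image
]

if __name__ == "__main__":
    for hit in hunt(RULE, EVENTS):
        print(RULE["title"], "->", hit["ParentImage"], hit["CommandLine"])
```

The `filter` selection is the part a hunter tunes per environment; the `selection` is what the community rule contributes, and the `logsource` block is what tells a converter which index or table the query should target.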
I’d love to hear back with your comments or questions about Threat Hunting in VASA, and I hope you find the video informative.
Stay tuned for our next episode on VASA’s Splunk Integrations, to be released in the coming weeks.