Cybereason Blog | Cybersecurity News and Analysis

Cybereason XDR: Intelligence-Driven Hunting and Investigation

Written by Dan Verton | Mar 9, 2022 2:30:00 PM

For many Security Operations Centers (SOCs), conducting useful queries using a traditional Security Information and Event Management (SIEM) requires training and familiarity with syntax language, and deep analysis to take action on the results of a particular hunt. 

At an enterprise scale, searches can take several minutes or longer to complete, making SIEM solutions cumbersome to derive new insights or successfully connect threat intelligence and investigate matches.

Threat intelligence is often only matched against newly ingested data, creating coverage gaps and missed threats. In addition to limited IOC monitoring, SIEMs also lack the necessary data retention to effectively leverage threat intelligence.

Threat intelligence is transparently integrated into every corner of the AI-driven Cybereason XDR Platform. Automatically leveraging Machine Learning to amplify internal and external IOC threat sources in the threat detection process. But the real power comes from being able to hunt for behavioral tactics, techniques, and procedures (TTPs) based on more subtle Indicators of Behavior (IOBs).

Let’s take a look at the hunting and investigation capabilities of the Cybereason XDR Platform. In the following demo, we explore:

  • How easy it is to hunt for TTPs related to the Log4j vulnerability
  • How Cybereason XDR’s Binary Similarity Analysis can identify previously unknown (obfuscated) malware based on its similarities to existing malware
  • How analysts can use the Historical Data Lake to query up to two years of historical data and select what data to unarchive, or replay, for the purposes of performing more in-depth queries and hunts


Cybereason is dedicated to teaming with defenders in both the public and private sectors to end cyber attacks from endpoints to the enterprise to everywhere. Learn more about the Cybereason DFIR advantage here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.