Please share with the community what you think needs improvement with Threat Hunting Framework.
What are its weaknesses? What would you like to see changed in a future version?
The nature of the system means it has to be implemented throughout the organization. You need to implement it on the network layer, the email layer, the web proxy layer, and also the endpoint tunnel. Monitoring the endpoint could be improved because customers are currently reluctant to get installation from the endpoint because it requires a huge effort. We have about 40,000 endpoints and we need to have a simplified method of deployment if we're going to offer the endpoint effectively. Product features also need some improvement in creating custom signatures for detection because that is not open to customers.
I'm looking for a threat intelligence tool that can aggregate multiple threat intelligence sources. Is this type of tool available? If so, how much do these services cost?