June 25, 2024

Introducing Our Newest AI Capability: Transforming Threat Intelligence Into Instant Threat Hunts

Last month, we announced our first AI capabilities for transforming threat intelligence into validated protections. They let an organization upload any piece of threat intelligence, whatever its form or format, and generate structured output: detections, and the offensive security tests that exercise them. We have worked closely with early customers to refine those outputs and automate their teams' manual work.

During those feedback sessions, customers repeatedly asked for one more capability: threat hunting. Detection and response teams often begin by turning complex threat intelligence into hunting queries that answer the question "have we already fallen victim to this threat?"

Threat hunting has historically been a heavily manual process: security engineers hand-craft queries that search a SIEM or XDR platform for specific activity. What automation exists operates at the IOC level, on hashes, IP addresses, domains and other static artifacts. The weakness of hunting only for IOCs is that adversaries change those indicators cheaply and quickly (a recompiled binary has a new hash, a fresh server has a new IP address), so the hunt stops matching while the behavior continues. This is another symptom of what we call "threat intelligence decay."

Instead, organizations turn to behavioral threat hunts, which map broader queries to the adversary's tactics, techniques and procedures (TTPs). Such queries are harder to write: they must describe the behavior precisely enough to avoid false positives, and each SIEM or XDR platform has its own query syntax. Our new capability handles that complexity and immediately transforms threat intelligence into hunt-ready queries.
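To make the difference between the two approaches concrete, here is an added example (not Prelude's code, and not a query produced by the Detect platform) that runs an IOC hunt and a behavioral hunt over the same constructed endpoint telemetry. Every host name, file path and hash below is invented for illustration, and the records are shaped loosely like Sysmon Event ID 1 process-creation events. The hunted behavior, deletion of Volume Shadow Copies via vssadmin or wmic (ATT&CK T1490, Inhibit System Recovery), is chosen as a generic ransomware precursor; it is not taken from the Phobos intelligence shown in the video.

```python
"""IOC hunt versus behavioral hunt over constructed endpoint telemetry.

Added example, not Prelude's code. Every event, path and hash below is
constructed for illustration; records are shaped loosely like Sysmon
Event ID 1 (process creation). The hunted behavior is shadow-copy
deletion (ATT&CK T1490, Inhibit System Recovery), a common ransomware
precursor, chosen here as a generic TTP rather than taken from any report.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent_image: str
    parent_sha256: str
    image: str
    cmdline: str


# Constructed: the one sample hash a hypothetical intel report lists.
REPORTED_HASHES = {"11" * 32}

# Constructed telemetry:
#   ws01  the reported sample deleting shadow copies
#   ws02  the same behavior from a recompiled, renamed binary (new hash)
#   srv01 the same goal reached via wmic instead of vssadmin
#   adm01 an administrator doing the same thing from a cmd.exe shell
#   srv02 a backup agent merely listing shadow copies (benign)
#   ws03  unrelated benign activity
EVENTS = [
    ProcessEvent("ws01", r"C:\Users\a\AppData\Local\Temp\payload.exe", "11" * 32,
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin delete shadows /all /quiet"),
    ProcessEvent("ws02", r"C:\Users\b\Downloads\invoice.exe", "22" * 32,
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe Delete Shadows /All /Quiet"),
    ProcessEvent("srv01", r"C:\Users\c\AppData\Roaming\svc.exe", "33" * 32,
                 r"C:\Windows\System32\wbem\WMIC.exe",
                 "wmic shadowcopy delete"),
    ProcessEvent("adm01", r"C:\Windows\System32\cmd.exe", "44" * 32,
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin delete shadows /all /quiet"),
    ProcessEvent("srv02", r"C:\Program Files\BackupAgent\agent.exe", "55" * 32,
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin list shadows"),
    ProcessEvent("ws03", r"C:\Windows\explorer.exe", "66" * 32,
                 r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
]


def ioc_hunt(events, hashes):
    """Static-indicator hunt: flag events whose parent binary hash is on the list."""
    return [e for e in events if e.parent_sha256 in hashes]


# Two well-known ways to wipe Volume Shadow Copies. Case-insensitive,
# keyword-anchored matching survives argument reordering and the optional
# .exe suffix; an exact-string match on one command line would not.
_SHADOW_DELETE = (
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
)


def behavioral_hunt(events):
    """TTP hunt for T1490: flag shadow-copy deletion whoever requested it."""
    return [e for e in events if any(p.search(e.cmdline) for p in _SHADOW_DELETE)]


# Tuning step: the bare behavior also fires on legitimate administration.
# Requiring an untrusted parent (outside OS and Program Files paths) is the
# kind of context a hunt needs to keep false positives manageable.
_TRUSTED_PARENT_DIRS = ("c:\\windows\\", "c:\\program files\\")


def from_untrusted_parent(e):
    return not e.parent_image.lower().startswith(_TRUSTED_PARENT_DIRS)


def tuned_behavioral_hunt(events):
    return [e for e in behavioral_hunt(events) if from_untrusted_parent(e)]


def hunt_summary(events=EVENTS, hashes=REPORTED_HASHES):
    """Hosts flagged by each hunt, to make the coverage gap visible."""
    return {
        "ioc": sorted(e.host for e in ioc_hunt(events, hashes)),
        "behavioral": sorted(e.host for e in behavioral_hunt(events)),
        "behavioral_tuned": sorted(e.host for e in tuned_behavioral_hunt(events)),
    }


if __name__ == "__main__":
    for name, hosts in hunt_summary().items():
        print(f"{name:>17}: {hosts}")
```

Run stand-alone, the IOC hunt flags only ws01, the host where the reported hash appears; the recompiled binary on ws02 and the wmic variant on srv01 are invisible to it, which is the decay described above. The behavioral hunt catches all three but also flags the administrator on adm01, and the tuned variant that requires an untrusted parent process drops that false positive. In a real deployment the same keyword-and-parent logic has to be re-expressed in each platform's query language, which is the platform-specific syntax burden the post refers to.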

In the video below, we show an example of transforming Phobos ransomware threat intelligence into context-rich TTPs in under 10 seconds, then immediately hunting for those behaviors inside CrowdStrike.

With this new capability, detection and response teams can use the Detect platform end to end:

  1. For threat intelligence teams - transform complex threat intelligence into context-enabled TTP mappings.
  2. For threat hunting teams - hunt for those behaviors inside XDR or SIEM platforms.
  3. For detection engineering teams - turn the same TTP mappings into detections that augment EDR and SIEM coverage.
  4. For offensive security teams - validate those detections by safely mimicking the threat's behaviors and signatures.

We will continue to refine these features and build new ones that help organizations move at machine speed. If you'd like to partner with Prelude to accelerate your detection and response function, please contact us.
