Sold by: Hunters
Hunters SOC Platform is a SIEM alternative, delivering data ingestion, built-in and always up-to-date threat detection, and automating correlation and investigation processes to reduce risk, complexity, and cost for security teams.
4
Overview
Improve your security analysts ability to see, understand, and respond to security incidents by ingesting data from AWS into a single, unified schema to facilitate automated analysis across your entire security stack.
Hunters SOC Platform is a modern, cloud-native alternative to SIEM that ingests, normalizes and analyzes data from all security and IT sources. Hunters makes it easy for security teams to connect data: No need to engineer, deploy and maintain ingestion pipelines. The platform delivers built-in and regularly updated detection capabilities, based on the MITRE ATT&CK Framework, increasing the effectiveness of threat detection and eliminating the need to regularly build and maintain detection rules.
With Hunters SOC Platform, security teams can focus on their unique use cases, knowing that the majority of the threat landscape is covered by Hunters detectors. The platform automates the correlation of signals and alerts from various sources, such as EDR, Cloud, Identity, and Network, as well as the triage and investigation process to minimize the time to respond (MTTR) and contain threats.
With Hunters SOC Platform, your team can quickly assess the scope of real incidents and effectively mitigate them.
Highlights
- Ingestion and normalization of telemetry at cloud-scale with unique automated detection capabilities.
- Visibility into AWS users and/or systems across different platforms.
- Correlated AWS session activities integrated into single stories and two-way insights and correlation between Cloud and EDR.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/12 months |
|---|---|
Hunters SOC Platform | $250,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Email support is offered Monday - Friday during normal business hours. support@hunters.ai
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Data Ingestion and Normalization
Cloud-scale ingestion and normalization of telemetry from security and IT sources into a unified schema without requiring engineered ingestion pipelines.
Threat Detection Engine
Built-in and regularly updated detection capabilities based on the MITRE ATT&CK Framework for automated threat identification across the security stack.
Cross-Platform Visibility
Visibility into AWS users and systems across different platforms with integrated session activity correlation into unified incident stories.
Alert Correlation and Automation
Automated correlation of signals and alerts from multiple sources including EDR, Cloud, Identity, and Network systems with two-way insights between Cloud and EDR.
Incident Investigation and Triage
Automated triage and investigation process to minimize mean time to respond (MTTR) and enable rapid assessment of incident scope and mitigation.
Threat Detection Engine
Library of 900+ out-of-the-box detections with user and attacker behavior analytics backed by community threat intelligence
Data Ingestion and Integration
Ingests CloudTrail, GuardDuty, EC2 network traffic, raw logs via SQS from multiple AWS accounts, on-premises networks, remote endpoints, and SaaS solutions
Investigation and Response Capabilities
Visual investigation timeline with detailed log timelines, automated response workflows, and instant actions such as asset quarantining
Deception Technology
Honeypots, honey credentials, and honey files for layered defense mechanisms
Compliance and Monitoring
File Integrity Monitoring (FIM) with support for PCI, HIPAA, and GDPR compliance requirements, plus detection of new AWS regions, services, and EC2 instance types
Multi-Source Threat Data Integration
Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
AI-Driven Alert Triage and Prioritization
Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
No-Code Automation for Investigation and Response
Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
Pre-Built Analytics and Correlation Rules
Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
Multi-Deployment Architecture Support
Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
Standard contract
No
No
No
Customer reviews
VikramSingh8
Advanced detectors streamline threat monitoring with many use cases
Reviewed on Jan 10, 2025
Review provided by PeerSpot
What is our primary use case?
Hunter is a very new SIEM in the market. It is definitely a broad market for us as they are trying to establish a new place against competitors like Splunk and QRadar . This makes it challenging to establish themselves.
Hunter has an upper hand, which other SIEMs can learn from. They offer hundreds of inbuilt use cases that other SIEMs lack. We typically have to create each use case as a custom one. However, Hunter proactively provides a set of five to six hundred use cases, categorized based on cloud use cases, endpoint use cases, parameter use cases, and malicious use cases. We can select or enable these use cases according to our requirements, adjusting them to fit our customer environment and company environment.
They also provide the ability to tweak those use cases, numbers, timings, and thresholds as per our client or company needs. This is a great move by Hunter.
Another great move is their pricing model. Other SIEM tools base their license cost on the volume of data processed, often charging by how much TB or GB data is processed. Hunter, however, charges based on the number of data sources and the number of data entities integrated, which saves money. This helps us save a lot of money compared to releasing a lot of money with other SIEMs. However, Hunter still has a long way to go.
What is most valuable?
In Hunter, 'detectors' are a key term. Instead of calling them use cases or correlation rules, Hunter refers to them as detectors. Their inbuilt detectors are quite advanced and intelligent. We can use them freely without making any changes, though we can adjust thresholds to fit our environment's size. What's commendable is that they keep updating their detectors from the back end, maintaining continual efforts without client prompts. However, initially, they deactivated detectors without client approval, which impacted security monitoring as SOC engineers were monitoring alerts triggered by these detectors.
Hunter has since learned and improved their process by obtaining client approval first. They consistently update detectors to match the evolving threat landscape, ensuring the tool's uptime, resiliency, and availability. Additionally, they provide a niche module like UEBA (User Entity Behavior Analytics) free of charge, whereas other SIEM tools charge for it. This tool is vital for monitoring internal threats, especially among VVIP and VIP users.
Hunter also plans to expand features like spam score and reputation score insights within their tool, removing the need for external checks. They are at an early stage, but they are working on expanding this feature.
What needs improvement?
Hunter support is functional yet not exceptional. Their support engineers could be more advanced and faster in providing solutions. Their turnaround time could improve to match other tools. When feedback is provided, they consider it and indicate if it is in the development stage. They commit to fixing bugs and developing the module or feature, however, take quite a lot of time. I would rate their customer support as needing improvement.
Another area needing improvement is integration capabilities, as they are not yet fully compatible. Users still have to rely on third-party software or integration tools.
Furthermore, they should incorporate more GenAI capabilities, a current buzzword, and enable predictive use cases. Their tools should be capable of reading the environment, making adaptations, and automatically tweaking settings as per client or environmental needs, similar to capabilities provided by other SIEM tools.
For how long have I used the solution?
I have been using the solution for two years.
What do I think about the stability of the solution?
I've never encountered instability or downtime with Hunter. Their system ensures availability even during back-end advancements. It is reliable and maintains service readiness for clients, demonstrating considerable stability.
What do I think about the scalability of the solution?
Hunter has much to learn and is working to establish its market presence. Scalability-wise, they are attempting consistency amid feature development, yet occasionally they backtrack and take excessive time. While expected during their learning phase, I am confident their ongoing progress will lead to becoming one of the premier solutions available.
How are customer service and support?
Hunter support is functional yet not exceptional. Their support engineers could be more advanced and faster in providing solutions. Their turnaround time could improve to match other tools. When feedback is provided, they consider it and indicate if it is in the development stage. They commit to fixing bugs and developing the module or feature, and yet take quite a lot of time.
How would you rate customer service and support?
Positive
How was the initial setup?
For the initial setup, I would rate it out of 10. It was fine.
What about the implementation team?
I'll be honest. I was not part of the implementation. There were dedicated engineers from the client side and vendor side who managed implementation.
What other advice do I have?
Their knowledge base is good. When starting with Hunter, ensure you have one or two sessions to understand navigation, features, and modules, along with obtaining proper documentation. This will help SOC users navigate effectively due to their comprehensive knowledge base. However, initial sessions with the vendor are recommended to facilitate easier ongoing use.
Overall product rating is eight out of ten.
Leisure, Travel & Tourism
Day to day usage for getting all relevant security alerts in one place.
Reviewed on Nov 22, 2023
Review provided by G2
What do you like best about the product?
I like Hunters detections a lot as they are very reliable. Also, I appreciate the correlation mechanism that is used in order to get a complete picture of a possbile threat. This helps us reduce the noise from the events in the environment.
What do you dislike about the product?
I don't like that the API does not have all the endpoints needed for easy customisation.
What problems is the product solving and how is that benefiting you?
This platform gathers all the detections from all the security appliances which are installed and based on detection rules and correlation mechanism it triggers differents alerts which are then manually investigated by our analysts.