Overview
Seqrite Universal Agent continuously monitors all activities on your machine and generates events in XDR. These events are evaluated against the rules defined in XDR. If an event matches a rule, an alert is generated. Events that do not match any rule are not ignored—they are stored in Threat Hunting for further analysis.
Threat Hunting enables detection and monitoring of events that are not yet documented in Seqrite or included in the rule builder. This feature helps track new or unknown malicious activities emerging in the cyber world.
- Alerts generated from unmatched events are displayed under the Alerts tab.
- Raw events are stored under the Processes tab.
Independent of rule creation or alert generation, users can proactively hunt threats using this feature.
Threat Hunting Interface
The Threat Hunting screen provides two search options:
- Manual Search
- File-based Search
Data Retention
- Alerted events: retained for 30 days
- Raw events: retained for 7 days
Manual Search
The Manual Search tab allows you to search events using filters and parameters.
- Use the search bar with View and Host filters.
- Add parameters, select the view period, and choose a host from the dropdown.
- Search results are displayed under the Alerts and Processes tabs.
Actions
- Export Results: Use the Schedule Export or Export buttons to download search results.
- Convert Raw Event to Alert:
  - Select a raw event from the Processes tab.
  - Click Create Alert at the bottom of the right panel.
  - Complete the Create Alert window.
  - Optionally, associate the alert with an incident using the Associate to incident button.
- View Event Details:
  - Select a raw event to open its details in the right panel.
  - Click View details to access the Timeline page.
  - The timeline displays a tree structure of the event’s generation history.
  - Apply filters in the search bar to highlight specific information.
This detailed view helps determine whether an event is malicious and supports deeper analysis.
File-Based Search
The File-based Search tab allows bulk searching using a CSV file.
- Download the sample CSV template.
- Add desired details under the following headers:
  - IP Address
  - URLs
  - Domains
  - Hash Values
- Upload the CSV file to conduct the search.
- Uploaded files are listed on the File-based Search screen and can be used to run searches.
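The script below is an added example, not Seqrite's own tooling or template: it sorts a mixed list of indicators into the four header columns named above and checks an existing CSV before upload, so that a malformed hash or a URL pasted into the Domains column is caught locally instead of silently returning no matches. It assumes the template is a plain CSV with exactly those four headers and one indicator per cell (the real template downloaded from the product may differ; adjust `HEADERS` to match it). The sample indicators are constructed for illustration.

```python
"""Build and validate an indicator CSV for a bulk (file-based) search.

Added example. Assumed layout: four columns named as on the page, one
indicator per cell, empty cells allowed. Check against the real template.
"""
import csv
import io
import ipaddress
import re
from urllib.parse import urlparse

# Assumed header names, taken from the list on the page.
HEADERS = ["IP Address", "URLs", "Domains", "Hash Values"]

# Hostname labels: 1-63 chars, no leading/trailing hyphen, at least one dot.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$", re.I
)
_HASH_RE = re.compile(r"^[0-9a-f]+$", re.I)
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_indicator(value):
    """Return the column an indicator belongs in, or None if it is malformed."""
    v = value.strip()
    if not v:
        return None
    try:
        ipaddress.ip_address(v)          # accepts IPv4 and IPv6
        return "IP Address"
    except ValueError:
        pass
    if len(v) in HASH_LENGTHS and _HASH_RE.match(v):
        return "Hash Values"
    parsed = urlparse(v)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return "URLs"
    if _DOMAIN_RE.match(v):
        return "Domains"
    return None


def build_search_csv(indicators):
    """Sort mixed indicators into columns; return (csv_text, rejected_values)."""
    columns = {h: [] for h in HEADERS}
    rejected = []
    for ind in indicators:
        col = classify_indicator(ind)
        if col is None:
            rejected.append(ind)
        else:
            columns[col].append(ind.strip())
    depth = max((len(c) for c in columns.values()), default=0)
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(HEADERS)
    for i in range(depth):  # columns are padded with blanks to equal length
        writer.writerow([columns[h][i] if i < len(columns[h]) else "" for h in HEADERS])
    return buf.getvalue(), rejected


def validate_search_csv(text):
    """Check header names and that every non-empty cell fits its column.

    Returns (indicator_count, error_messages).
    """
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != HEADERS:
        return 0, [f"unexpected header row: {reader.fieldnames}"]
    count, errors = 0, []
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        for h in HEADERS:
            cell = (row.get(h) or "").strip()
            if not cell:
                continue
            count += 1
            if classify_indicator(cell) != h:
                errors.append(f"line {line_no}: {cell!r} does not look like a {h}")
    return count, errors


# Constructed sample input (documentation addresses/names, MD5 of empty string).
SAMPLE_INDICATORS = [
    "203.0.113.7",
    "http://example.com/payload.bin",
    "example.net",
    "d41d8cd98f00b204e9800998ecf8427e",
    "not an indicator",
]

if __name__ == "__main__":
    text, rejected = build_search_csv(SAMPLE_INDICATORS)
    print(text)
    print("rejected:", rejected)
    print("validation:", validate_search_csv(text))
```

Run it to produce the CSV on stdout; anything that fits no column is reported in `rejected` rather than written into the file, and `validate_search_csv` can be pointed at a hand-edited file before it is uploaded.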