Seqrite HawkkHunt – Get the Hawkk advantage

The Seqrite HawkkHunt dashboard has two themes, light and dark. To change the theme, click the toggle button in the upper-right corner.

Frequently Asked Questions

Seqrite HawkkHunt complements Seqrite Endpoint Security Cloud by adding the detection layer. It monitors activities on endpoints, detects suspicious behaviour, and allows Incident Responders to take remediation actions. Seqrite HawkkHunt is effective against advanced cyber attacks, which remain active within an organization’s network for several days and months. With Seqrite HawkkHunt you can reduce this “dwell time” (the duration for which an attack remains active within an organization before discovery) and minimize the impact of a cyber attack.

Seqrite HawkkHunt collects interesting data from endpoints, processes the data through a correlation engine, looks for interesting patterns, and generates alerts when potentially malicious activities are identified.

The following configuration is required for the HawkkHunt agent to be installed.

| Operating System | System Requirements |
| --- | --- |
| Windows 10, Windows 8.1, Windows 8 | Processor: 1 gigahertz (GHz) or faster; RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit |
| Windows 7 (only if "KB4474419" and "KB4490628" MS patches are applied) | Processor: 1 gigahertz (GHz) or faster; RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit |
| Windows XP Service Pack 2 | Processor: 300 Megahertz (MHz) Pentium or faster; RAM: 512 MB |
| Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 / Windows Server 2012 | Processor: 1.4 GHz Pentium or faster; RAM: 2 GB |
| Windows Server 2008 R2 (only if "KB4474419" and "KB4490628" MS patches are applied) | Processor: 1 GHz for 32-bit or 1.4 GHz for 64-bit; RAM: Minimum 512 MB (Recommended 2 GB) |
| Windows Server 2003 Service Pack 2 | Processor: 550 MHz for 32-bit or 1.4 GHz for 64-bit; RAM: 256 MB for 32-bit or 512 MB for 64-bit |

The Seqrite HawkkHunt sensor, once installed, monitors various activities on the endpoint, collects interesting events, and sends them to the HawkkHunt backend. The sensor is also responsible for executing remediation actions that are selected by the Incident Responder.

Seqrite HawkkHunt complements Seqrite Endpoint Security Cloud, which is responsible for Protection. HawkkHunt adds the detection layer.

Version 1.1 of Seqrite HawkkHunt supports Windows-based PCs. In later versions, support for other operating systems and platforms will be added.

Yes. It is seamless. The sensor gets installed as part of the EPS Cloud client installation process.

Seqrite HawkkHunt v1 works alongside Seqrite Endpoint Security Cloud. Support for third-party Endpoint Security products will be added at a later time.

Microsoft has deprecated support for SHA-1 and recommends using only SHA-2 signed certificates. Hence, Seqrite products will use only SHA-2 certificates. The following operating systems will not be supported unless the appropriate Microsoft Windows patches are applied to make them compatible with SHA-2.

    Windows Vista – No longer supported

    Windows Server 2008 (below R2) – No longer supported

    Windows 7. To continue using your Seqrite product with this operating system, please apply "KB4474419" and "KB4490628" MS patches.

    Windows Server 2008 R2. To continue using your Seqrite products with this operating system, please apply "KB4474419" and "KB4490628" MS patches.

    Windows Server 2012, Windows Server 2016, Windows Server 2019 and later are supported. No action required.
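The support rules in the list above can be checked on an endpoint before the client is deployed. The following is an added example, not Seqrite tooling: the function names `Get-Sha2Verdict` and `Test-Sha2Prerequisite` are hypothetical, and the mapping of Windows NT version numbers to the product names in the list is an assumption of the example.

```powershell
# Added example, not Seqrite tooling. Function names are hypothetical.
# Uses PowerShell 2.0 syntax so it runs on Windows 7 / Server 2008 R2 as shipped.

$RequiredKbs = @('KB4474419', 'KB4490628')   # the two patches named in the list above

function Get-Sha2Verdict {
    param(
        [Version]  $OsVersion,           # e.g. 6.1.7601
        [string[]] $InstalledKbs = @()   # hotfix IDs present on the endpoint
    )
    $missing = @()
    if ($OsVersion.Major -eq 6 -and $OsVersion.Minor -eq 0) {
        # NT 6.0 = Windows Vista / Windows Server 2008 (below R2)
        $supported = $false; $reason = 'No longer supported'
    }
    elseif ($OsVersion.Major -eq 6 -and $OsVersion.Minor -eq 1) {
        # NT 6.1 = Windows 7 / Windows Server 2008 R2: both patches required
        $missing   = @($RequiredKbs | Where-Object { $InstalledKbs -notcontains $_ })
        $supported = ($missing.Count -eq 0)
        $reason    = if ($supported) { 'SHA-2 patches present' } else { 'Apply missing patches' }
    }
    elseif ($OsVersion.Major -gt 6 -or ($OsVersion.Major -eq 6 -and $OsVersion.Minor -ge 2)) {
        # NT 6.2 and later = Windows 8 / Server 2012 onward
        $supported = $true; $reason = 'No action required'
    }
    else {
        # Older than Vista: not covered by the SHA-2 list, so give no verdict
        $supported = $null; $reason = 'Not covered by the SHA-2 list'
    }
    New-Object PSObject -Property @{ Supported = $supported; Missing = $missing; Reason = $reason }
}

function Test-Sha2Prerequisite {
    # Live check: read the local OS version and the installed hotfix IDs
    $os        = Get-WmiObject -Class Win32_OperatingSystem
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object { $_.HotFixID })
    $verdict   = Get-Sha2Verdict -OsVersion ([Version]$os.Version) -InstalledKbs $installed
    $verdict | Add-Member -MemberType NoteProperty -Name Caption -Value $os.Caption -PassThru
}

# Constructed sample: a Windows 7 SP1 host with only one of the two patches
Get-Sha2Verdict -OsVersion '6.1.7601' -InstalledKbs @('KB4474419')

# Live check on the local endpoint
Test-Sha2Prerequisite
```

`Get-HotFix` reports what the `Win32_QuickFixEngineering` WMI class lists, so the result is only as complete as that inventory on the endpoint.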

MITRE TTPs are one of the detection mechanisms used by Seqrite HawkkHunt. The coverage is continuously improved based on our research & analysis.

The following table shows the grace period duration after the license has expired. No data is retained beyond the specified period.

| Period | Duration | Action |
| --- | --- | --- |
| Grace Period | Trial License: No Grace Period; Paid License: 30 Days | No change in existing behavior. IR can access all the features and will get the latest data from the endpoints. |
| Inactive Period | Trial License: No Grace Period; Paid License: 30 Days | Seqrite HawkkHunt will not be accessible. The sensor will stop sending the data to the HawkkHunt backend. The old data on the backend persists. |
| After Inactive Period | | Application is off-boarded for the tenant. Data from Seqrite HawkkHunt gets deleted. Tenant will not be able to access the data. |

Seqrite HawkkHunt is cloud based.

Once the subscription expires, the grace period is initiated. The functionality works as usual during the grace period.

| Period | Duration | Action |
| --- | --- | --- |
| Grace Period | Trial License: No Grace Period; Paid License: 30 Days | No change in existing behavior. IR can access all the features and will get the latest data from the endpoints. |
| Inactive Period | Trial License: No Grace Period; Paid License: 30 Days | Seqrite HawkkHunt will not be accessible. The sensor will stop sending the data to the HawkkHunt backend. The old data on the backend persists. |
| After Inactive Period | | Application is off-boarded for the tenant. Data from Seqrite HawkkHunt gets deleted. Tenant will not be able to access the data. |

No, we cannot stop the remediation action once it is initiated.

A remediation action has to be initiated by the Incident Responder.

Notification support is not available as of now. This may be added in upcoming versions.

The Threat Hunting feature in Seqrite HawkkHunt works in near real time. Through Threat Hunting, an IR can search for events within a couple of minutes of them occurring. Generating correlated alerts takes some time though, as large amounts of data have to be processed. These alerts are asynchronously generated within an hour in most cases.

Seqrite HawkkHunt cannot be used with any antivirus solution other than Seqrite EPS Cloud, as it comes as an inbuilt feature of Seqrite EPS on Cloud.

Seqrite HawkkHunt is targeted at hard-to-detect threats and APT (Advanced Persistent Threat) attacks. HawkkHunt complements Seqrite Endpoint Security Cloud by adding a detection layer. Combined, these products provide customers with top-notch protection and detection capabilities.

No. The user just needs to deploy the Seqrite EPS Cloud client, and it will silently install the Seqrite HawkkHunt sensor in the background.

Yes, the Reports feature of Seqrite HawkkHunt gives a health summary of the endpoints deployed in the network.

The Seqrite HawkkHunt sensor doesn’t add any noticeable load on the endpoint. It works silently in the background without the user noticing its presence.

The Seqrite HawkkHunt sensor only collects the metadata about the files. It does not have access to the content.

There is no hardware investment required on your premises.

Seqrite HawkkHunt is offered as a feature in Seqrite EPS Cloud and can be enabled on all the endpoints for which a Seqrite EPS Cloud license is purchased. Seqrite HawkkHunt cannot be enabled for a single endpoint. It has to be enabled either on all the endpoints or on none.

APIs are not publicly accessible for Seqrite HawkkHunt as of now. They will be exposed for third-party integration in a later version.

You will need the following:
    i. QuickHeal will provide the fresh Seqrite EPS on Cloud build to the customer.
    ii. Customer will install this build on fresh PCs where no existing version of EPS (On Cloud or On Premise) is present.
    iii. These PCs should be active in the network. There must be some activity happening on those machines.
    iv. Once the Seqrite EPS clients are installed on the PCs, the Seqrite HawkkHunt feature needs to be enabled from the Seqrite EPS on Cloud server console.
    v. Once the feature is enabled, an IR can click on the ‘Go To Seqrite HawkkHunt’ option and find the details.

After the Seqrite HawkkHunt sensors are installed on any endpoint, they start sending the details of activities happening on that endpoint. An alert gets generated if any malicious activity is detected on the endpoint.

EPP products are responsible for protecting your endpoints from cyber threats. Even though EPP products do a commendable job of protection, some hard-to-detect threats and APT-type attacks can bypass them. Seqrite HawkkHunt complements an EPP product by adding a detection layer for such situations. HawkkHunt aims to reduce the dwell time (the duration for which a successful attack remains active in an organization’s network before discovery) and minimize the impact of such attacks.

Seqrite HawkkHunt is available as an addition to Seqrite Endpoint Security Cloud. A standalone version would be made available at a later point.

Seqrite HawkkHunt is aimed at detecting hard-to-detect and APT-type threats. That is done via asynchronous correlation of data collected from endpoints. Real-time prevention of threats is done by Endpoint Security products.

Yes, you can sign up for a trial on the Seqrite portal https://www.seqrite.com/

Yes. It is.