The Seqrite HawkkHunt dashboard has two themes, light and dark. To change the theme of the dashboard, click the toggle button in the upper-right corner.
Frequently Asked Questions
Seqrite HawkkHunt complements Seqrite Endpoint Security Cloud, by adding the detection layer. It monitors activities on endpoints, detects suspicious behaviour, and allows Incident Responders to take remediation actions. Seqrite HawkkHunt is effective against advanced cyber attacks, which remain active within an organization’s network for several days & months. With Seqrite HawkkHunt you can reduce this “dwell time” (duration for which an attack remains active within an organization before discovery) and minimize the impact of a cyber attack.
Seqrite HawkkHunt collects interesting data from endpoints, processes the data through correlation engine, looks for interesting patterns, and generates alerts when some potentially malicious activities are identified.
Operating System | System Requirements |
---|---|
Windows 10, Windows 8.1, Windows 8 | Processor: 1 gigahertz (GHz) or faster; RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit |
Windows 7 (only if "KB4474419" and "KB4490628" MS patches are applied) | Processor: 1 gigahertz (GHz) or faster; RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit |
Windows XP Service Pack 2 | Processor: 300 Megahertz (MHz) Pentium or faster; RAM: 512 MB |
Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 / Windows Server 2012 | Processor: 1.4 GHz Pentium or faster; RAM: 2 GB |
Windows Server 2008 R2 (only if "KB4474419" and "KB4490628" MS patches are applied) | Processor: 1 GHz for 32-bit or 1.4 GHz for 64-bit; RAM: Minimum 512 MB (Recommended 2 GB) |
Windows Server 2003 Service Pack 2 | Processor: 550 MHz for 32-bit or 1.4 GHz for 64-bit; RAM: 256 MB for 32-bit or 512 MB for 64-bit |
The Seqrite HawkkHunt sensor, once installed, monitors various activities on the endpoint, collects interesting events, and sends them to the HawkkHunt backend. The sensor is also responsible for executing remediation actions that are selected by the Incident Responder.
Seqrite HawkkHunt complements Seqrite Endpoint Security Cloud, which is responsible for Protection. HawkkHunt adds the detection layer.
Version 1.1 of Seqrite HawkkHunt supports Windows based PCs. In later versions, support for other operating systems & platforms will be added.
Yes. It is seamless. The sensor gets installed as a part of EPS Cloud client installation process.
Seqrite HawkkHunt v1 works alongside Seqrite Endpoint Security Cloud. Support for third party Endpoint Security products will be added at a later time.
Windows Vista – No longer supported
Windows Server 2008 (below R2) – No longer supported
Windows 7. To continue using your Seqrite product with this operating system, please apply "KB4474419" and "KB4490628" MS patches.
Windows Server 2008 R2. To continue using your Seqrite products with this operating system, please apply "KB4474419" and "KB4490628" MS patches.
Windows Server 2012, Windows Server 2016, Windows Server 2019 and later are supported. No action required.
MITRE TTPs are one of the detection mechanisms used by Seqrite HawkkHunt. The coverage is continuously improved based on our research & analysis.
Period | Duration | Action |
---|---|---|
Grace Period | Trial License: No Grace Period; Paid License: 30 Days | No change in existing behavior. IR can access all the features and will get the latest data from the endpoints. |
Inactive Period | Trial License: No Grace Period; Paid License: 30 Days | Seqrite HawkkHunt will not be accessible. The sensor will stop sending the data to the HawkkHunt backend. The old data on the backend persists. |
After Inactive Period | | Application is off boarded for the tenant. Data from Seqrite HawkkHunt gets deleted. Tenant will not be able to access the data. |
Seqrite HawkkHunt is cloud based.
Once the subscription expires, the grace period is initiated. The functionality works as it is during the grace period.
Period | Duration | Action |
---|---|---|
Grace Period | Trial License: No Grace Period; Paid License: 30 Days | No change in existing behavior. IR can access all the features and will get the latest data from the endpoints. |
Inactive Period | Trial License: No Grace Period; Paid License: 30 Days | Seqrite HawkkHunt will not be accessible. The sensor will stop sending the data to the HawkkHunt backend. The old data on the backend persists. |
After Inactive Period | | Application is off boarded for the tenant. Data from Seqrite HawkkHunt gets deleted. Tenant will not be able to access the data. |
No, we cannot stop the remediation action once it is initiated.
Remediation action has to be initiated by Incident Responder.
Notification support is not available as of now. This may be added in upcoming versions.
The Threat Hunting feature in Seqrite HawkkHunt works in near real time. Through Threat Hunting, an IR can search for events within a couple of minutes of them occurring. Generating correlated alerts takes some time though, as large amounts of data have to be processed. These alerts are asynchronously generated within an hour in most cases.
Seqrite HawkkHunt cannot be used with any antivirus solution other than Seqrite EPS Cloud, as it comes as an inbuilt feature with Seqrite EPS on Cloud.
Seqrite HawkkHunt is targeted towards hard to detect threats & APT (Advanced Persistent Threats) attacks. HawkkHunt complements Seqrite Endpoint Security Cloud by adding a detection layer. Combined, these products provide customers with top-notch protection & detection capabilities.
No. The user just needs to deploy the Seqrite EPS Cloud client, and it will silently install the Seqrite HawkkHunt sensor in the background.
Yes, the Reports feature of Seqrite HawkkHunt gives a health summary of the endpoints deployed in the network.
The Seqrite HawkkHunt sensor doesn’t add any noticeable load on the endpoint. It works silently in the background without the user noticing its presence.
The Seqrite HawkkHunt sensor only collects the METADATA about the files. It does not have access to the content.
There is no hardware investment required on your premises.
Seqrite HawkkHunt is offered as a feature in Seqrite EPS Cloud and can be enabled on all the endpoints for which a Seqrite EPS Cloud license is purchased. Seqrite HawkkHunt cannot be enabled for a single endpoint. It has to be enabled either on all the endpoints or none.
APIs are not publicly accessible for Seqrite HawkkHunt as of now. They will be exposed for third party integration in a later version.
i. QuickHeal will provide the fresh Seqrite EPS on Cloud build to the customer.
ii. Customer will install this build on fresh PCs where no existing version of EPS (On Cloud or On Premise) is present.
iii. These PCs should be active in the network. There must be some activities happening on those machines.
iv. Once the Seqrite EPS clients are installed on the PCs, the Seqrite HawkkHunt feature needs to be enabled from the Seqrite EPS on Cloud server console.
v. Once the feature is enabled, an IR can click on the ‘Go To Seqrite HawkkHunt’ option and find the details.
After the Seqrite HawkkHunt sensors are installed on any endpoint, they start sending the details of activities happening on that endpoint. An alert gets generated if any malicious activity is detected on the endpoint.
EPP products are responsible for protecting your endpoints from cyber threats. Even though EPP products do a commendable job of protection, some hard-to-detect threats & APT-type attacks can bypass them. Seqrite HawkkHunt complements an EPP product by adding a detection layer for such situations. HawkkHunt aims to reduce the dwell time (duration for which a successful attack remains active in an organization’s network before discovery) and minimize the impact of such attacks.
Seqrite HawkkHunt is available as an addition to Seqrite Endpoint Security Cloud. A standalone version would be made available at a later point.
Seqrite HawkkHunt is aimed at detecting hard-to-detect & APT-type threats. That is done via asynchronous correlation of data collected from endpoints. Real-time prevention of threats is done by Endpoint Security products.
Yes. It is.