Group-IB Threat Hunting Framework

Additional Info

Company: Group-IB
Website: https://www.group-ib.com/
Company size (employees): 500 to 999
Type of solution: Hybrid

Overview

Group-IB Threat Hunting Framework (THF) is a single solution for comprehensive protection of IT and OT segments in any organization. It is based on an adversary-centric approach to the detection and mitigation of targeted attacks and on our patented technologies.
It consists of 6 different modules, each of which is a complex and advanced solution on its own:
• THF Sensor for network research and protection
• THF Huntpoint for endpoint protection
• THF Polygon for malware detonation and analysis
• THF Huntbox for collaborative hunting, events correlation and automated response
• THF Sensor Industrial for OT network traffic protection
• THF Decryptor for TLS/SSL traffic decryption
THF Sensor is a Group-IB Threat Hunting Framework module designed to analyze incoming and outgoing data packets. Using its own signatures, Sensor detects interactions between infected devices and adversary infrastructure, general network anomalies, and behavioral anomalies of network devices. The module also extracts objects under analysis from various sources and transfers them to THF Polygon.
THF Sensor provides the following functions:
• Extraction of files from network traffic
Files are extracted from traffic, whether deemed suspicious or not, and then transferred to Polygon for behavioral analysis.
• Blocking of downloadable files
Integration is performed with ICAP proxy solutions to block downloadable malicious objects in conjunction with Polygon.
• File storage analysis
File storage content is examined and selectively blocked depending on the presence or absence of malware, in conjunction with Polygon.

How we are different

• North/south and East/west traffic
- C&C communication channels
- Payloads
- Advanced vulnerabilities for infection
- Covert channels for commands and data upload
- Lateral movement
- Privilege escalation, using remote access & vulnerabilities
- Policy violation including LOTL techniques.
• Full traffic visibility and retrospective view
Supports hundreds of L7 protocols for deep analysis, metadata extraction, and a retrospective view of analyzed traffic
• Additional integration features
Integrates with email flows, proxy servers (ICAP), and file storage for better coverage. Custom hunt signatures and YARA rules are supported