Group-IB Threat Hunting Framework and Threat Intelligence & Attribution

Additional Info
Company (that provides the nominated product / solution / service): Group-IB
Website: https://www.group-ib.com/
Company size (employees): 500 to 999
Type of solution: Hybrid
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:
• Attribution: Trace the connection between your technical indicators and events collected by Group-IB THF, and the specific threat actor or malware type. Discover their TTPs to prevent or stop the attack from spreading.
Brief Overview
It’s time to enrich internal threat detection with intelligence data to hunt down threats and predict adversaries’ next moves to stay one step ahead. Group-IB’s approach combines the capabilities of Group-IB Threat Hunting Framework (THF) and Group-IB Threat Intelligence & Attribution (TI&A) to provide necessary context for the cybersecurity data collected in your perimeter and improve your overall protection.
Group-IB THF hunts for malicious activity overlooked by traditional security tools such as antivirus software, firewalls, and intrusion prevention systems.
Features and benefits
• Traffic analysis for anomalies and suspicious activity
• Malware (links and files) detonation to prevent intrusions/breaches
• Easy and efficient control over and overview of managed protection infrastructure
• Machine learning algorithms to detect unknown threats
• Event correlation from all system modules
• Comprehensive reports
• Control over devices and applications and retrospective analysis
• Supported protocols: DNS, FTP, HTTP, RDP, SMB, SMTP, SSH.
• Integration with SIEM, SOAR, IRP systems
• 10-20 Gbps throughput
• Can be installed on-premises from an ISO image delivered as an appliance or virtual appliance
• Ability to decrypt traffic and monitor industrial networks
Group-IB TI&A provides strategic and tactical actionable intelligence from unique and mostly closed data sources, covering threats, leaks, vulnerabilities and more, to actively protect your business and develop your cybersecurity infrastructure.
Group-IB TI&A data sources
• Entire IPv4 space scans for open ports and running services
• Tracking of all domain names being registered
• Passive DNS
• ISP-level sensors
• History of all changes made on the Internet
• Unique IoCs from Group-IB THF
• Experience in reverse engineering, IR, digital forensics
• Honeypots, sinkholing
• Insiders underground (11 languages)
• Access to closed cybercommunities: SOCs, other vendors, law enforcement agencies