What Data Does Huntress Collect?
Huntress collects details about persistent (auto-starting) applications/files. We call these autoruns. The data collected includes:
- file path
- file meta-data (size, timestamp, hashes)
- the user account the autorun starts under
- how the autorun starts (registry value, task, service, etc.)
Huntress also collects auto-starting files it has not seen before. These files are used to help determine if an autorun is legitimate.
In addition to autorun data, we also collect details about the host, including:
- Version of the operating system and installed updates
- Network configuration (IP address, MAC address, hostname)