May 2022 Update: If your host is experiencing unusually high resource usage from the Huntress Rio agent, please follow the steps listed in the Process Insights Exclusions article to exclude that host or organization (0.3.14+ agents should be unaffected, but contact firstname.lastname@example.org if you're still having issues!)
Windows Pro, Education, Enterprise
* Legacy Windows Versions include Windows Vista, Windows 7, Windows Server 2008, Server 2008 R2, Business Server 2011
What are Process Insights?
The Process Insights service continuously monitors all processes running on a system via the Huntress Agent. This process activity is systematically uploaded to the Managed Service Platform. The Huntress ThreatOps team uses a series of established guidelines and rules to search it for potentially malicious or suspicious behaviors, e.g., an ordinarily benign process attempting privilege escalation.
Process Insights is included as a part of the Huntress Managed Security Platform.
Why Process Insights?
Threat actors' toolsets are constantly evolving, as is their ability to evade mechanisms designed to detect or even prevent their disruptive actions. However, threat actors' aims generally haven't changed and can be mapped to explain their activities better; many frameworks exist to achieve a consistent mapping and understanding of how and why specific cyberattack steps were taken. A popular framework is the MITRE ATT&CK Framework.
The introduction of Process Insights enables Huntress to granularly track and report on cyberattacks, delivering more informed cybersecurity details, such as why a threat actor attempted a particular action, which can even help halt an active cybersecurity threat in its tracks.
Alerts and Detections
All of an Account or Organization's Process Insights Detections may be seen in the Detections Table at the bottom of the Process Insights Dashboard. A history of a specific Host's detections is also available under the Process Insights tab in the Hosts view. The Huntress ThreatOps Team will send an Incident Report for any High or Critical Severity Process Insights Detections.