May 2022 Update: If your host is experiencing unusually high resource usage from the Huntress Rio agent please follow the steps listed in the Process Insights Exclusions article to exclude that host or organization (0.3.14+ agents should be unaffected, but contact support@huntress.io if you're still having issues!) 

In This Article

1What are Process Insights

2Why Process Insights

3Process Insights Alerts and Detections

Current Compatibility

Huntress Feature	Windows Pro, Education, Enterprise 8.0+	Windows Home 8.0+	Windows Server 2012+	Legacy Windows Versions *
Process Insights

* Legacy Windows Versions include Windows Vista, Windows 7, Windows Server 2008, Server 2008 R2, Business Server 2011

What are Process Insights?

The Process Insights service constantly monitors all processes running on a system via the Huntress Agent. This processing activity is systematically uploaded to the Managed Service Platform. The Huntress ThreatOps team uses a series of established guidelines and rules to scour for potentially malicious or suspicious behaviors, e.g., an ordinarily benevolent process attempting privilege escalation.

Why Process Insights?

Threat actors' toolsets are constantly evolving, as is their ability to evade mechanisms designed to detect or even prevent their disruptive actions. However, threat actors' aims generally haven't changed and can be mapped to explain their activities better; many frameworks exist to achieve a consistent mapping and understanding of how and why specific cyberattack steps were taken. A popular framework is the MITRE ATT&CK Framework.

The introduction of Process Insights enables Huntress to granularly track and report on cyberattacks, delivering more informed cybersecurity details, such as why a threat actor attempted a particular action, which can even help halt an active cybersecurity threat in its tracks.

Alerts and Detections

All of an Account or Organization's Process Insights Detections may be seen in the Detections Table at the bottom of the Process Insights Dashboard. A history of that specific Host's detections is also available under the Process Insights tab in the Hosts view. The Huntress ThreatOps Team will send off an Incident Report for any High or Critical Severity Process Insights Detections.