Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Process Insights
Environment: Platform
Summary: A brief description of Process Insights.
Current Compatibility
For current compatibility, please see our Supported OS Compatibility chart.
What are Process Insights?
The Process Insights service constantly monitors all processes running on a system via the Huntress Agent. This process activity is systematically uploaded to the Managed Service Platform. The Huntress Security Operations Center (SOC) team uses a series of established guidelines and rules to search for potentially malicious or suspicious behaviors, e.g., an ordinarily benign process attempting privilege escalation.
Process Insights is included as part of Huntress Managed Endpoint Detection and Response.
Why Process Insights?
Threat actors' toolsets are constantly evolving, as is their ability to evade mechanisms designed to detect or even prevent their disruptive actions. However, threat actors' aims generally haven't changed and can be mapped to explain their activities better; many frameworks exist to achieve a consistent mapping and understanding of how and why specific cyberattack steps were taken. A popular framework is the MITRE ATT&CK Framework.
The introduction of Process Insights enables Huntress to granularly track and report on cyberattacks, delivering more informed cybersecurity details, such as why a threat actor attempted a particular action, which can even help halt an active cybersecurity threat in its tracks.
Alerts and Detections
All of an Account or Organization's Process Insights Detections can be seen in the Detections Table at the bottom of the Process Insights Dashboard. A history of a specific Endpoint's detections is also available under the Process Insights tab in the Endpoints view. The Huntress SOC Team will send an Incident Report for any High or Critical Severity Process Insights Detections.