
What is Threat Hunting?

Updated over a week ago

Axur Threat Hunting enables searching across multiple data sources to uncover threats and compromised information. Each scope parameter provides access to different types of data and threats. Each detection made by Axur generates a signal that flows into Axur Datahub, where it is indexed and structured to support precise, fine-grained scope searches.


How does it work on the platform?

1. Define your search scope to specify the data source (e.g., credentials, credit cards, messages).

2. Construct queries using Axur Query Language to refine and filter your results.

3. Review and analyze the results.


How does the Axur Threat Hunting credits system work?

Axur Threat Hunting operates on a credits-based model designed to control and optimize search activities. Understanding how credits are consumed enables efficient management of threat hunting operations.

The credits system is designed to track search usage and ensure efficient resource allocation. Each search performed may consume credits depending on whether results are found and how many pages are accessed.

Credit Consumption Rules

Searches With Results

When a search returns results, credits are consumed as follows:

  • First 100 results: 1 credit is consumed for the initial page of results

  • Each additional page: 1 credit per 100 results (Page 2, Page 3, etc.)

Example:

If a search returns 350 results, accessing all of them would consume 4 credits:

  • Page 1 (results 1-100): 1 credit

  • Page 2 (results 101-200): 1 credit

  • Page 3 (results 201-300): 1 credit

  • Page 4 (results 301-350): 1 credit

Searches Without Results

When a search returns no results, no credits are consumed. This allows for query refinement and testing of different search parameters without penalty.

Default Behavior

By default, Axur Threat Hunting displays the first 100 results from a search. A single credit is consumed for accessing this initial page.

To view additional results beyond the first 100, the next page (Page 2) can be accessed, which will consume an additional credit for the next 100 results.
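The rules above reduce to a small calculation, but the edge cases (no results, paging past the last page, an export that is rounded up to whole pages) are easy to get wrong when budgeting a session. The following is an added example, not Axur's code: a credit estimator that encodes the stated rules (100 results per page, one credit per page opened, nothing charged for an empty search) and a planner that walks a list of intended searches against a credit budget. The export helper assumes the statement further down this page that exports follow the same rules as page views; the planning scenario and its expected result counts are constructed.

```python
# Added example (not Axur's code): credit estimator for the consumption rules
# described on this page. PAGE_SIZE and the "no results, no charge" rule come
# from the page; the export helper assumes exports follow the page-view rules.
import math

PAGE_SIZE = 100  # results per page; each page opened costs one credit


def pages_available(total_results):
    """Number of pages a search with `total_results` can be paged through."""
    return math.ceil(total_results / PAGE_SIZE)


def credits_consumed(total_results, pages_viewed):
    """Credits charged for opening `pages_viewed` pages of a search.

    No results means no charge. Otherwise page 1 is always charged, and the
    charge cannot exceed the number of pages that actually exist.
    """
    if total_results <= 0:
        return 0
    if pages_viewed < 1:
        raise ValueError("page 1 is always opened when a search has results")
    return min(pages_viewed, pages_available(total_results))


def export_credits(total_results, rows_requested):
    """Credits for a CSV export of up to `rows_requested` rows (page rules apply)."""
    rows = min(rows_requested, total_results)
    return pages_available(rows)


def plan_session(searches, budget):
    """Walk a list of planned searches against a credit budget.

    `searches` is a list of (label, expected_results, pages_wanted) tuples.
    Returns (charges, remaining): `charges` maps each label to the credits that
    fit in the budget, so a search cut short by the budget shows fewer credits
    than requested and the analyst can reorder or narrow queries beforehand.
    """
    charges = {}
    remaining = budget
    for label, expected_results, pages_wanted in searches:
        cost = credits_consumed(expected_results, pages_wanted)
        affordable = min(cost, remaining)
        charges[label] = affordable
        remaining -= affordable
    return charges, remaining


if __name__ == "__main__":
    # Constructed planning scenario (expected result counts are made up).
    plan = [
        ("leaked credentials, brand domain", 350, 4),  # the page's own example
        ("test query, no hits expected", 0, 1),        # free, per the rules
        ("card BINs, last 30 days", 250, 3),
    ]
    charges, left = plan_session(plan, budget=6)
    for label, credits in charges.items():
        print(f"{label}: {credits} credit(s)")
    print(f"remaining: {left}")
```

Running the script with a budget of 6 shows the first search taking its full 4 credits, the empty search costing nothing, and the third search being cut to the 2 credits that remain, which is exactly the kind of shortfall an analyst wants to see before, not after, opening pages.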

Summary

The Axur Threat Hunting credits model provides a transparent and fair way to manage search activities:

  • Each 100 results costs 1 credit

  • The first page (100 results) always costs 1 credit when results are found

  • No results = no credits consumed

  • You control whether to view additional pages and their associated costs

  • Use the system strategically to maximize the value of your credits


How long can I access the results?

After performing a search, you can view the results for a period of 12 hours. After this time, the session is closed, and navigation between results pages is interrupted.


What is it, and how do I use Axur Threat Hunting Query Syntax?

The Axur Threat Hunting Query Syntax is a structured query language designed for filtering and analyzing large volumes of threat intelligence data. It lets you move from generic searches to granular investigations, isolating Indicators of Compromise (IoCs) and fraud patterns with high precision.

Logical Operators and Search Patterns

1. Boolean Operators

Operators define the relationship between search terms:

  • AND: Restricts results to records containing all specified terms.

  • OR: Expands results to records containing at least one of the terms.

  • NOT: Excludes records containing the subsequent term from the results list.

2. Wildcards and Approximations

Used to capture string variations or incomplete patterns:

  • * (Asterisk): Replaces a sequence of multiple characters. Ideal for subdomains or variable suffixes.

  • ? (Question Mark): Replaces a single character. Useful for identifying typosquatting variations.

  • ~ (Tilde): Enables fuzzy search (proximity search). Followed by the value 1 or 2, it locates terms with similar spellings or minor typos.

3. Grouping and Precedence

The use of parentheses ( ) is mandatory to define the processing order in queries that combine multiple operators. Grouping prevents ambiguity in how the search engine interprets the logic.
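To make the operator semantics concrete, here is an added example that is not Axur's engine and does not reproduce its actual implementation: a small evaluator for the query patterns just described (AND, OR, NOT, the * and ? wildcards, ~1/~2 fuzzy terms, and mandatory parentheses when operators are mixed), run over a handful of constructed records. It assumes terms are matched against whitespace-separated tokens of each record, that fuzzy matching can be approximated with plain Levenshtein edit distance (the page does not name the metric), and that a query mixing AND and OR at one parenthesis level is rejected rather than silently resolved, which is the rule the page states.

```python
# Added example (not Axur's code): illustrative evaluator for the query
# syntax described above. Token-level matching, Levenshtein distance for ~N
# and the hard error on un-parenthesised operator mixing are assumptions.
import re
from fnmatch import fnmatchcase

TOKEN_RE = re.compile(r"\(|\)|[^\s()]+")


class QueryError(ValueError):
    pass


def levenshtein(a, b):
    """Edit distance, used here to approximate the ~1 / ~2 fuzzy operator."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def term_matches(term, record):
    """Match one search term against the whitespace-separated tokens of a record."""
    tokens = record.lower().split()
    term = term.lower()
    fuzzy = re.fullmatch(r"(.+)~([12])", term)
    if fuzzy:
        word, dist = fuzzy.group(1), int(fuzzy.group(2))
        return any(levenshtein(word, tok) <= dist for tok in tokens)
    # fnmatchcase: '*' = any run of characters, '?' = exactly one character
    return any(fnmatchcase(tok, term) for tok in tokens)


def parse(query):
    """Recursive-descent parser producing an AST of nested tuples."""
    tokens = TOKEN_RE.findall(query)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def parse_expr():
        operands, ops = [parse_unary()], []
        while peek() in ("AND", "OR"):
            ops.append(take())
            operands.append(parse_unary())
        if len(set(ops)) > 1:
            # Parentheses are mandatory when operators are combined.
            raise QueryError("mixing AND and OR at one level requires parentheses")
        return (ops[0], operands) if ops else operands[0]

    def parse_unary():
        tok = peek()
        if tok is None:
            raise QueryError("unexpected end of query")
        if tok == "NOT":
            take()
            return ("NOT", parse_unary())
        if tok == "(":
            take()
            node = parse_expr()
            if peek() != ")":
                raise QueryError("missing closing parenthesis")
            take()
            return node
        if tok in (")", "AND", "OR"):
            raise QueryError(f"unexpected token {tok!r}")
        return ("TERM", take())

    node = parse_expr()
    if peek() is not None:
        raise QueryError(f"unexpected token {peek()!r}")
    return node


def evaluate(node, record):
    kind = node[0]
    if kind == "TERM":
        return term_matches(node[1], record)
    if kind == "NOT":
        return not evaluate(node[1], record)
    combine = all if kind == "AND" else any
    return combine(evaluate(child, record) for child in node[1])


def is_valid_query(query):
    try:
        parse(query)
        return True
    except QueryError:
        return False


def search(query, records):
    """Return the records matching the query, in their original order."""
    ast = parse(query)
    return [r for r in records if evaluate(ast, r)]


# Constructed sample records (not real detections).
SAMPLE_RECORDS = [
    "credential leak login.example.com user=alice",
    "phishing page exampel.com mimics brand",
    "credit card dump merchant=shop.example.net",
    "credential leak mail.example.com user=bob",
    "message on forum mentions examp1e.com",
]
```

Trying `example.com~1` against the sample records matches only the homoglyph `examp1e.com` (one substitution), while `example.com~2` also picks up the transposed `exampel.com`, which is the practical difference between the two fuzzy distances; `credential AND phishing OR leak` is rejected until it is parenthesised.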


How do I export data from Threat Hunting?

The Export feature allows you to download the number of results you choose as a CSV file.

Note that this action requires available credits and adheres to the same rules as Page views. For detailed information on the credit system, please refer to: How does the Axur Threat Hunting credits system work?


How do I use the Axur Threat Hunting API?

The Threat Hunting API creates asynchronous searches over our data lake. You can query terabytes of data to find detections such as fraudulent websites, credit cards, and credential leaks.

To access the API, you must purchase a plan through our sales team.


Hunting Like a Pro

Course at Axur University:


If you have any questions, feel free to reach out at [email protected] 😊
