Hunt Hub: Opening the Black Box of EDR Detection

Presented by

Nikita Nazarov, Head of Threat Exploration; Gleb Ivanov, Malware Analyst Team Lead

About this talk

You can read about detection logic. Or you can see how it actually works. In this webinar, Kaspersky experts will open Hunt Hub live inside our Threat Intelligence portal and show how detection logic is built, structured, and used in practice — in direct connection with threat actors, campaigns, and techniques observed in the wild.

For a long time, detection rules often looked like a “black box” to customers. Today, this logic is transparent and accessible through the Threat Intelligence portal, allowing analysts to understand why a detection exists, which actor behavior it covers, and how it relates to known threat activity.

This is a hands-on session focused on practice. Our speakers will show:

• How detection rules are organized and maintained inside Hunt Hub and linked to TI data
• How rules map not only to MITRE ATT&CK, but also to specific threat actors and campaigns
• How analysts can read, validate, and interpret detections in a SIGMA-like format
• How to use this knowledge to speed up investigations and reduce false assumptions
• How to use Hunt Hub proactively to anticipate relevant threats, and reactively during investigations
• What experienced SOC teams should pay attention to when working with detection logic

Beyond the walkthrough, our experts will share practical tips and best practices:

• How to explain detections to stakeholders with confidence
• How transparency helps analysts trust alerts — and act faster
• What common mistakes teams make when relying on “black box” detections
• How Hunt Hub fits into daily SOC and threat hunting workflows

You’ll leave with a clear understanding of how Hunt Hub works in practice — not as a standalone tool, but as part of an intelligence-driven security approach — and how to apply this model both proactively and during live incident response.

Register to see Hunt Hub in action — and learn directly from the experts who built it.
Kaspersky webinars
