Hunt Platform Statistics Launch

The Power of the Hunt.io Platform

Today, we're providing some transparency on how our platform works. We've designed the Hunt.io platform from the ground up to find and monitor malicious infrastructure. Every piece of the design is meticulously assembled for scale and for finding and saving vectors that will be useful for isolating malicious activity now and in the future.

The platform is very powerful. It starts with a massive observation collection. We've launched a statistics page which allows you to see inside the platform to understand the current activities. Activities shift throughout the hour and are made available in real time to the platform. The data cluster saving all these metrics can save up to 1M observations per second in its current incarnation and can be expanded horizontally.

Platform Statistics Page Launch

1 Platform wide observations per second is the sum of all the parts listed below.

2 Port Scans found are ports that reply as being open. We are scanning segments of the entire internet very fast. We are currently tweaking and tuning scanning cadence to see malicious activity.

3 Protocol detection is a custom protocol detector that's made to be fast and extensible. Later we can use it to find custom C2 protocols or other malicious signs running it on every unknown port.

4 HTTP pages are grabs of full HTML content.

5 SSH keys are public SSH keys used to associate malicious activity and look for tenant change on a server.

6 JARM hashes are a large scale collection of TLS fingerprints to give us an idea that a piece of software might be associated or malicious.

7 Parsed certificates are parsed SSL certificates to break out identifying items in each certificate.

Approximate Platform wide Statistics

Previously designing 2 large scale real time data systems for other projects, for Hunt we wanted to build a horizontally scalable cluster from day one. For hunting malicious infrastructure every nuanced detail needs to be saved. Our first iteration of the Hunt platform has the following hardware as of today:

• 512 Physical Cores
• 6TB of RAM
• 280TB NVMe Storage
• 20gbe networking between nodes

This allows us to store the following and scale horizontally as we need to:

• 37.4 trillion data points right now
• 1.5 million scheduled port probes per second
• 300k port guesses per second
• 10s of thousands of unique ports detected
• 200 million certificates per day
• 25 million unique certificates per day
• 168 million service detections per day
• 710 million unique open port/ip combos per day
• 55 million JARMS per day
• 60 million HTTP grabs per day
• 34 million unique public ssh keys per day (13M RSA, 11.2M ED25519 and 10M ECDSA)

How to View Platform Statistics

From the Hunt Dashboard look for the graph widget and click it to get to the Platform Wide. If you don't have an account, apply for one now.