Hunt Platform Statistics Launch
Published on
Published on
Published on
Sep 19, 2023
Sep 19, 2023
Sep 19, 2023
The Power of the Hunt.io Platform
Today, we're providing some transparency on how our platform works. We've designed the Hunt.io platform from the ground up to find and monitor malicious infrastructure. Every piece of the design is meticulously assembled for scale and for finding and saving vectors that will be useful for isolating malicious activity now and in the future.
The platform is very powerful. It starts with a massive observation collection. We've launched a statistics page which allows you to see inside the platform to understand the current activities. Activities shift throughout the hour and are made available in real time to the platform. The data cluster saving all these metrics can save up to 1M observations per second in its current incarnation and can be expanded horizontally.
Platform Statistics Page Launch
1 Platform wide observations per second is the sum of all the parts listed below.
2 Port Scans found are ports that reply as being open. We are scanning segments of the entire internet very fast. We are currently tweaking and tuning scanning cadence to see malicious activity.
3 Protocol detection is a custom protocol detector that's made to be fast and extensible. Later we can use it to find custom C2 protocols or other malicious signs running it on every unknown port.
4 HTTP pages are grabs of full HTML content.
5 SSH keys are public SSH keys used to associate malicious activity and look for tenant change on a server.
6 JARM hashes are a large scale collection of TLS fingerprints to give us an idea that a piece of software might be associated or malicious.
7 Parsed certificates are parsed SSL certificates to break out identifying items in each certificate.
Approximate Platform wide Statistics
Previously designing 2 large scale real time data systems for other projects, for Hunt we wanted to build a horizontally scalable cluster from day one. For hunting malicious infrastructure every nuanced detail needs to be saved. Our first iteration of the Hunt platform has the following hardware as of today:
512 Physical Cores
6TB of RAM
280TB NVMe Storage
20gbe networking between nodes
This allows us to store the following and scale horizontally as we need to:
37.4 trillion data points right now
1.5 million scheduled port probes per second
300k port guesses per second
10s of thousands of unique ports detected
200 million certificates per day
25 million unique certificates per day
168 million service detections per day
710 million unique open port/ip combos per day
55 million JARMS per day
60 million HTTP grabs per day
34 million unique public ssh keys per day (13M RSA, 11.2M ED25519 and 10M ECDSA)
How to View Platform Statistics
From the Hunt Dashboard look for the graph widget and click it to get to the Platform Wide. If you don't have an account, apply for one now.
The Power of the Hunt.io Platform
Today, we're providing some transparency on how our platform works. We've designed the Hunt.io platform from the ground up to find and monitor malicious infrastructure. Every piece of the design is meticulously assembled for scale and for finding and saving vectors that will be useful for isolating malicious activity now and in the future.
The platform is very powerful. It starts with a massive observation collection. We've launched a statistics page which allows you to see inside the platform to understand the current activities. Activities shift throughout the hour and are made available in real time to the platform. The data cluster saving all these metrics can save up to 1M observations per second in its current incarnation and can be expanded horizontally.
Platform Statistics Page Launch
1 Platform wide observations per second is the sum of all the parts listed below.
2 Port Scans found are ports that reply as being open. We are scanning segments of the entire internet very fast. We are currently tweaking and tuning scanning cadence to see malicious activity.
3 Protocol detection is a custom protocol detector that's made to be fast and extensible. Later we can use it to find custom C2 protocols or other malicious signs running it on every unknown port.
4 HTTP pages are grabs of full HTML content.
5 SSH keys are public SSH keys used to associate malicious activity and look for tenant change on a server.
6 JARM hashes are a large scale collection of TLS fingerprints to give us an idea that a piece of software might be associated or malicious.
7 Parsed certificates are parsed SSL certificates to break out identifying items in each certificate.
Approximate Platform wide Statistics
Previously designing 2 large scale real time data systems for other projects, for Hunt we wanted to build a horizontally scalable cluster from day one. For hunting malicious infrastructure every nuanced detail needs to be saved. Our first iteration of the Hunt platform has the following hardware as of today:
512 Physical Cores
6TB of RAM
280TB NVMe Storage
20gbe networking between nodes
This allows us to store the following and scale horizontally as we need to:
37.4 trillion data points right now
1.5 million scheduled port probes per second
300k port guesses per second
10s of thousands of unique ports detected
200 million certificates per day
25 million unique certificates per day
168 million service detections per day
710 million unique open port/ip combos per day
55 million JARMS per day
60 million HTTP grabs per day
34 million unique public ssh keys per day (13M RSA, 11.2M ED25519 and 10M ECDSA)
How to View Platform Statistics
From the Hunt Dashboard look for the graph widget and click it to get to the Platform Wide. If you don't have an account, apply for one now.
Related Posts:
GreenSpot APT targets 163.com users via fake download pages and domain spoofing. Learn their tactics, risks, and how to protect your email accounts.
GreenSpot APT targets 163.com users via fake download pages and domain spoofing. Learn their tactics, risks, and how to protect your email accounts.
Explore how SSL intelligence and SSL history empower proactive threat hunting. Learn tools, real-world examples, and strategies to track cyber threats.
Explore how SSL intelligence and SSL history empower proactive threat hunting. Learn tools, real-world examples, and strategies to track cyber threats.
Explore SparkRAT detection tactics, macOS targeting, and insights into recent DPRK-linked campaigns with actionable research findings.
Explore SparkRAT detection tactics, macOS targeting, and insights into recent DPRK-linked campaigns with actionable research findings.
Uncover how Hunt’s TLS records reveal patterns in suspected KEYPLUG infrastructure, linking GhostWolf and RedGolf/APT41 to ongoing activity.
Uncover how Hunt’s TLS records reveal patterns in suspected KEYPLUG infrastructure, linking GhostWolf and RedGolf/APT41 to ongoing activity.
GreenSpot APT targets 163.com users via fake download pages and domain spoofing. Learn their tactics, risks, and how to protect your email accounts.
Explore how SSL intelligence and SSL history empower proactive threat hunting. Learn tools, real-world examples, and strategies to track cyber threats.
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.