HawkkHunt FAQs

23-04-2021 18:03:54
  1. What is Seqrite HawkkHunt?
    a. Seqrite HawkkHunt is a solution designed to monitor activities on endpoints, detect suspicious behavior and respond to that behavior. It is mainly used against advanced malware in which an unauthorized user gains access to and control of a system or a network and remains there for a long period. Seqrite HawkkHunt is not a replacement for an antivirus solution, but it can work alongside antivirus to enhance security: it tells the whole story and helps you track how an attack entered the system and attempted to run.

  2. How and what does Seqrite HawkkHunt do?
    a. Seqrite HawkkHunt is an advanced feature that can be enabled from Seqrite EndPoint Security (EPS) on Cloud. The Seqrite HawkkHunt agent (hereinafter referred to as the EPS on Cloud agent) is installed on the endpoints and begins monitoring Process, File, Registry and Network activities. Seqrite HawkkHunt uses defined rules or patterns to detect malicious activities and raises alerts if any malicious activity is found.

  3. Does the solution prevent threats from executing?
    a. No, this solution only monitors the activities and alerts the user. To prevent threat execution, the remediation command has to be sent from the Seqrite HawkkHunt server.

  4. Can we deploy Seqrite HawkkHunt in standalone mode?
    a. No, there is no provision of deploying Seqrite HawkkHunt in standalone mode.

  5. How is Seqrite HawkkHunt different from EPP products?
    a. EPP is inherently preventative, and most of its approaches are signature-based, identifying threats based on known file signatures for newly discovered threats. Seqrite HawkkHunt, by contrast, combines elements of next-gen antivirus with additional tools to provide real-time anomaly detection and alerting, forensic analysis and endpoint remediation capabilities.

  6. How soon can I begin getting results after I go for a trial license?
    a. Once the Seqrite HawkkHunt (Seqrite EPS on Cloud) sensors are installed on an endpoint, they start sending details of the activities happening on that endpoint. An alert is generated if any malicious activity is detected on the endpoint.

  7. What efforts are required in getting Seqrite HawkkHunt to work in my network infrastructure?
    a. You will need the following:
    1. Once the feature is enabled, an IR can click the ‘Go To Seqrite HawkkHunt’ option and find the details.
    2. QuickHeal will provide a fresh Seqrite EPS on Cloud build to the customer.
    3. The customer will install this build on fresh PCs where no existing version of EPS (On Cloud or On Premise) is present.
    4. These PCs should be active in the network. There must be some activities happening on those machines.
    5. The setup should be on a separate network.
    6. Once the Seqrite EPS clients are installed on the PCs, the Seqrite HawkkHunt feature needs to be enabled from the Seqrite EPS on Cloud server console.

  8. What is the USP (Unique Selling Point) for Seqrite HawkkHunt?
    Below are the USPs of Seqrite HawkkHunt.
    a. The Seqrite HawkkHunt solution is built on QuickHeal’s years of experience of handling security-related incidents through its protection-based products. We have added the intelligence gathered through this experience to Seqrite HawkkHunt.
    b. Visual representation of the huge volume of data that is generated, using multiple widgets such as process tree view, timeline view, etc., and the ability to quickly traverse the attack chain to identify the attack source.
    c. Support of light & dark theme on the portal is our unique offering.

  9. Does Seqrite HawkkHunt offer APIs?
    a. No.

  10. How many endpoints (Maximum & minimum) can I install the Seqrite HawkkHunt (EPS on Cloud) Agent on?
    a. Seqrite HawkkHunt is offered as a feature in Seqrite EPS on Cloud and can be enabled on all the endpoints for which Seqrite EPS on Cloud license is purchased.
    b. Seqrite HawkkHunt CANNOT be enabled for a single endpoint. It has to be enabled either on all the endpoints or on none.

  11. Do I require any hardware investment on my premises?
    a. No hardware investment is required on your premises.

  12. Does Seqrite HawkkHunt violate any privacy regulations? What all files does the sensor go through or what information does a sensor collect and send to Seqrite HawkkHunt portal?
    a. EPS on Cloud sensor only collects the METADATA about the files. It does not have access to the content.

  13. Does a Seqrite HawkkHunt (EPS on Cloud) sensor cause any slowing down of my endpoints? How much is the memory (RAM) footprint?
    a. Ideally, the EPS on Cloud sensor does not slow down the endpoints. However, if there is heavy activity on the endpoint, such as frequent file creation, deletion, network access, etc., you may experience slowness on the endpoint.

  14. Does Seqrite HawkkHunt help in giving any indicators of health of my endpoints?
    a. Yes, the Reports feature of Seqrite HawkkHunt gives a health summary of the endpoints deployed in the network.

  15. How long does Seqrite HawkkHunt portal retain any data that it is collecting?
    a. The following table shows the grace period duration after the license has expired. No data is retained beyond the specified period.



  16. How easy is it to install Seqrite HawkkHunt (EPS on Cloud) sensors, does it require any downtime on endpoints?
    a. No. The user just needs to execute the Seqrite EPS on Cloud client, and it will silently install the Seqrite HawkkHunt sensor in the background.

  17. Is Seqrite HawkkHunt cloud based or premise based?
    a. The Seqrite HawkkHunt product is cloud-based only.

  18. What type of threats & malwares does Seqrite HawkkHunt detect and mitigate?
    a. Seqrite HawkkHunt detects APTs (Advanced Persistent Threats). Mitigation is an entirely manual process for now, as the user has to take a remediation action to mitigate the threat.

  19. Can I use Seqrite HawkkHunt with my existing antivirus software?
    a. Seqrite HawkkHunt cannot be used with any antivirus solution other than Seqrite EPS on Cloud, as it comes as an inbuilt feature of Seqrite EPS on Cloud. You can use Seqrite HawkkHunt with your existing Seqrite EPS once you upgrade to the Cloud version.

  20. Does Seqrite HawkkHunt also offer antivirus protection with its sensor?
    a. Seqrite HawkkHunt is a feature that is integrated with Seqrite EPS Client (Anti-virus). Seqrite HawkkHunt does not offer the protection functionalities within its feature.

  21. What OS or platforms are supported by Seqrite HawkkHunt?
    a. Seqrite HawkkHunt is supported on Windows OS version 7.0 and above.

  22. Does Seqrite HawkkHunt work in real-time to detect or mitigate threats? What is the response/delay in sending notifications to Seqrite HawkkHunt portal?
    a. Seqrite HawkkHunt works in near real time mode with a delay of about 15 mins.

  23. Does Seqrite HawkkHunt offer SMS/email-based notifications?
    a. No.

  24. Will Seqrite HawkkHunt work in collaboration with my existing Endpoint security solution (other than Seqrite EPS)?
    a. No, Seqrite HawkkHunt will not work in collaboration with any existing Endpoint security solution other than Seqrite Endpoint Protection Security.

  25. Does Seqrite HawkkHunt provide any automatic remediation, or does the Incident Responder have to do it?
    a. Seqrite HawkkHunt does not provide automatic remediation for now. The IR has to send the remediation command from the Seqrite HawkkHunt server.

  26. Can we stop the remediation action initiated?
    a. No, we cannot stop the remediation action once it is initiated.

  27. What type of endpoints are supported, PC, MAC, Mobile, Tablet?
    a. Seqrite HawkkHunt is supported only for Windows endpoints. Please refer to this link for supported Windows versions.

  28. What subscription models are supported?
    a. This is not fixed yet.

  29. What happens when my subscription expires?
    a. Once the subscription expires, the grace period is initiated. The functionality works as usual during the grace period. Once the grace period expires, the product enters an inactive state in which all the features of Seqrite HawkkHunt are disabled and the Seqrite HawkkHunt sensor stops sending data to the server. However, the data remains on the server.
    After the inactive period, Seqrite HawkkHunt is off-boarded and the tenant data is deleted. The tenant will not be able to access the data.
    Please refer to the chart below for more details.



  30. Does Seqrite HawkkHunt detect all types of MITRE ATT&CK tactics?
    a. Seqrite HawkkHunt covers most of the MITRE ATT&CK tactics.

  31. What is the minimum hardware configuration required for Seqrite HawkkHunt sensor installation?
    a. The following configuration is required for the HawkkHunt agent to be installed.



  32. Is sensor installation seamless, manual, or cloud-based?
    a. Yes. It is seamless. The sensor gets installed as a part of Seqrite EPS on Cloud client installation process.

  33. Is Seqrite HawkkHunt compatible with Windows Active Directory file & folder access permissions?
    a. Yes.
