Huntsman Security’s patented Behaviour Anomaly Detection engine is integrated into its SIEM to provide real-time machine learning capabilities to detect unknown threats.

Huntsman Security’s SIEM analyses activity, based on the organisation’s risks, threats and vulnerabilities, to learn normal patterns of behaviour and activity. Armed with activity baselines, it detects threats or suspicious activity that differs from expected behaviour. Huntsman Security’s SIEM can detect:

  • Higher/unusual volumes of network session or user traffic on a per user or per host basis
  • Volumes of events such as file accesses or other activity on hosts/workstations
  • Changes in the usage profile of application servers or query operations on databases
  • Changes in the frequency or prevalence of operations – up or down

By dynamically profiling multiple variables with sophisticated in-stream behavioural algorithms, the detection engine adapts to changes and trends over time; either adjusting and relearning “normal” values or using fixed/pre-set baselines, depending on the nature of the environment and risk.

Behavioural Analysis - Network Data Transfer Anomaly
Huntsman SIEM Live Dashboard

Built-in high speed detection capabilities, matched to the MITRE ATT&CK® framework

Extensive automated response script and command execution capabilities

Any data set within the system easily translated into a report and automatically published to a relevant stakeholder

Complete support for the alert triage, investigation and response lifecycle


Read by directors, executives, and security professionals globally, operating in the most complex of security environments.