Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-10-2023 12:14 AM
Hi team,
Got a renewal quotation with new XTH module.
Heard eXtended Threat Hunting (XTH) Module is about query the raw data for threat hunting.
Still not so sure what is the new module is used for?
What is the use case to purchase this lic in addition to XDR Pro.
Without the XTH, what is limited when comparing with XTH lic on?
Regards,
SDG
07-10-2023 02:37 AM - edited 07-10-2023 08:56 AM
Hi @SeanDeHarris ,
The XTH module will ensure ingestion of additional data metrics which can be used for detailed investigation events. This module will ensure you have the agent collecting all the necessary data required for threat hunting events related to process, network and user entity based activities that can be collectively leveraged for effective threat hunting events.
It also ensures to get high fidelity alerts on basis of UEBA data which is not part of the normal XDR Pro agent. Also, that essentially makes you get some extra detectors that we have with Pro+ XTH.
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query
07-10-2023 07:33 AM
Hi SeanDeHarris,
Just to add some additional color on this, you will not miss any attacks or decrease your protection capabilities by not purchasing the new XTH module. The vast majority of analytics alerts will still work, and those that do not are being actively evaluated by our research and product teams to determine if any changes can be made to ensure they work with the data uploaded by the new base Pro EP offering.
The goal of splitting out some EDR data collection is to keep our existing protection and detection capabilities largely intact while reducing the bandwidth consumption for customers that don't want or need the detailed log collection for threat hunting. You will, of course, get all relevant data uploaded when an alert is triggered on the agent, but the real-time data uploading is more limited otherwise.
I would recommend you reach out to your account team for detailed information on what events are and are not collected without the XTH license, and to have an additional discussion around how we are continuing to provide the same great detection and response capabilities regardless of your licensing.
10-05-2023 09:05 AM
Hello, where can I "see" this module? Are there additional steps or actions that need to be taken to make sure this add-on is working as expected? If anyone can provide a link to an article providing more information, that would be greatly appreciated.
11-16-2023 11:44 AM
I have the same issue, there is not much documentation on this module other than the analytics alert reference guide, however I don't see any of these alerts in my tenant.
11-17-2023 03:36 AM
Hi @bkedmunds ,
Maybe this doc helps. It outlines the type of logs which require XTH module for data collection and enhanced telemetry:
11-17-2023 05:21 AM
Thank you @neelrohit this is exactly what I was looking for.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
