OXCULUS · THREAT HUNTING

Threat Hunting — proactive adversary pursuit on the NOGTUS evidence estate.

Threat Hunting is the proactive complement to recurring detection. OXCULUS hunters operate on the customer's NOGTUS Mega Lake — not on a sampled subset, not on a delayed analytical replica — formulating hypotheses, testing them against actual telemetry, and escalating substantiated findings into the customer's incident lifecycle. Every hunt, whether or not it finds anything, is recorded as decision lineage, and those records remain available as a permanent surface for retroactive correlation against indicators that emerge later.

OXCULUS Threat Hunting is the active pursuit of adversary activity that automated detection has not yet caught. Hunters operate on the customer's actual Mega Lake, not on an analytical replica. Hypotheses are formulated from current threat intelligence, then tested against historical and live telemetry. Substantiated findings are promoted into the customer's incident lifecycle.

SERVICE PILLARS

What this service delivers, structurally.

PILLAR

Hypothesis-Driven Operations

Hunters formulate hypotheses derived from threat-intelligence currency, MITRE ATT&CK technique evolution, and customer-environment-specific risk surfaces. Each hunt is structured, scoped, and produces decision-lineage records regardless of finding.

PILLAR

Operating on Actual Lake Data

Through NEL — NOGTUS Mega Lake — hunters query the customer's full historical telemetry. Retroactive correlation against newly emerged IOCs becomes a structural property of the hunt, not a manual after-the-fact effort.

PILLAR

Substantiated Promotion

When a hunt substantiates adversary activity, the finding flows into NIO (Lifecycle Orchestrator) and NCB (InterHub Exchange) under the customer's incident-handling cadence. The hunt becomes part of the durable evidence record, not a Slack message.

SERVICE INCLUSIONS

What you get, in commercial-package terms.

Cadence: Continuous program with monthly themed hunts
Substrate: Customer's NOGTUS Mega Lake — full historical telemetry
Hypothesis sources: Threat-intel currency, ATT&CK evolution, customer-specific risk surface
Output: Decision-lineage records, IOC artifacts, retroactive correlations
Promotion path: Substantiated findings → NIO incident lifecycle
Reporting: Hunt summary per cycle + retroactive correlation appendix
Sub-tier mode: Activatable as Enterprise MxDR component or as standalone uplift

FIT ASSESSMENT

Who this service is for — and who it isn't.

Best fit for

  • Organizations whose threat profile justifies proactive pursuit (financial services, government, critical infrastructure)
  • Customers running Enterprise MxDR who want hunting as a structural service property, not an ad-hoc consultation
  • Mature SOC teams seeking external hypothesis diversity layered on top of internal coverage

Not the right fit when

Organizations whose risk profile is satisfied by recurring detection alone — those should start with Pro MDR and add hunting later.

READY TO ENGAGE

Engineer this service into your security operations posture.