
ReaQta Configuration

Product Versions

Server

ReaQta-Hive version 2.2.5
Configuration: default, no changes required

Endpoint Agent

Agent version: 2.1.0
Architecture: x64
OS: Windows 10

Description

ReaQta-Hive is an endpoint threat response platform that uses Dynamic Behavioral Analysis to identify and track new cyber threats. The solution streamlines the work of security analysts by automatically mapping relevant MITRE ATT&CK techniques to both existing security alerts and related threat-hunting activities. Attackers' operations are broken down into stages, making it easy for analysts to understand which phases of the cyber kill-chain have been reached and to formulate their response accordingly.

ReaQta-Hive includes a core component called NanoOS, a live-hypervisor layer used to acquire low-level information and detect anomalies. NanoOS was disabled during this evaluation due to restrictions on the testing environment, so the hypervisor-based telemetry described below was not part of the tested configuration (see Product Configuration).

NanoOS provides in-depth visibility into endpoint behavior. It is designed to be resilient to attacks and to deliver accurate, reliable data collection even in adversarial scenarios, such as during a post-breach assessment. NanoOS inspects the operating system without modifying running applications or adding hooks that might generate instabilities. By taking advantage of hardware virtualization features, performance impact is kept to a minimum. All information acquired by NanoOS is first analysed by a local AI engine, which is used to discover threats targeting a specific endpoint. An infrastructural AI then performs further analysis to identify infrastructure-wide anomalies.

ReaQta-Hive is easy to deploy and supports Windows, Linux, macOS, and Android endpoints, allowing analysts to use a single agent, together with a polished dashboard, to analyse and respond to threats as efficiently as possible. Common tasks can be automated with detection and response playbooks, which can be created to detect custom scenarios while automatically triggering appropriate response measures at both the endpoint and infrastructure level.

With a set of engines capable of continuous learning, ReaQta-Hive can be deployed in the cloud, on premises, and in completely isolated environments without degradation of performance. The dashboard lays out a resolution workflow to guide analysts, providing risk indicators, impact assessment, and a clear list of high-level activities conducted by attackers, without requiring manual analysis. A Threat Hunting interface enables security teams to look for suspicious activities in real time and to discover and aggregate MITRE ATT&CK techniques for easier assessment.

ReaQta-Hive makes the MITRE ATT&CK framework an integral part of its operations to speed up and simplify the work of security professionals, all while providing in-depth visibility over complex behaviors.

Product Configuration

NanoOS: Disabled
Protections: Disabled
Detection Engines: Default

Configuration Changes

PowerShell logging enabled on the endpoint (the only change from the default agent configuration).
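The page records only that PowerShell logging was enabled, not which logging features or how. The following is an added example (not ReaQta's or MITRE's own configuration) of how a practitioner would enable and verify the two policies most commonly meant by that phrase on a Windows 10 endpoint: Script Block Logging (event ID 4104) and Module Logging (event ID 4103), set through the standard policy registry keys. The marker string and the choice of exactly these two policies are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example: enable PowerShell Script Block Logging and Module Logging via the
# policy registry keys, then confirm a marker script block reaches the Operational log.
# Assumption: the evaluation's "PowerShell logging" change corresponds to these two
# policies; the page does not specify. Must be run elevated (writes under HKLM).

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Script Block Logging -> event 4104 in Microsoft-Windows-PowerShell/Operational.
# Logs the de-obfuscated text of every script block as it is compiled.
$sbl = Join-Path $base 'ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# Module Logging -> event 4103. The ModuleNames subkey lists modules to log;
# a value named '*' with data '*' covers all modules.
$ml = Join-Path $base 'ModuleLogging'
$mlNames = Join-Path $ml 'ModuleNames'
New-Item -Path $mlNames -Force | Out-Null
Set-ItemProperty -Path $ml -Name 'EnableModuleLogging' -Value 1 -Type DWord
New-ItemProperty -Path $mlNames -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# Verification: policy is read by a PowerShell process at startup, so run a marker
# script block in a fresh child process rather than in this session.
$marker = "reaqta-eval-logging-check-$(Get-Random)"
powershell.exe -NoProfile -Command "Write-Output '$marker'" | Out-Null

# Look for the marker in recent 4104 events (newest first).
$hit = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'
    Id      = 4104
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$marker*" }

if ($hit) {
    "Script Block Logging active: event 4104 recorded at $($hit[0].TimeCreated)"
} else {
    "No 4104 event containing the marker; re-check the policy keys and that a new process was used"
}
```

Without this change, PowerShell 5.1 only writes 4104 events for script blocks it heuristically flags as suspicious, so an evaluation that relies on PowerShell-based tradecraft would see far fewer of the attacker's commands in the endpoint telemetry. Module Logging adds per-command pipeline detail (4103) at a noticeably higher event volume, which is why it is often enabled only for specific modules outside of a test environment.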