Weekly Product Webinar - Every Wed at 11am PT >> Register


Threat Hunting

AWS CloudTrail - Threat Hunting in AWS CloudTrail Logs

As more companies move their IT operations from physical data centers to the cloud, SOCs need to develop new ways to analyze cloud operations and services for risks and threats. LogicHub has developed a playbook to hunt for risks in the logs of a popular cloud solution: AWS CloudTrail. This LogicHub playbook conducts seven investigations in parallel to identify risks within the CloudTrail logs.

By automating threat hunting in AWS CloudTrail logs with LogicHub you quickly and easily detect attackers and threats otherwise easily missed in the mountains of data. SOC teams are able to improve their productivity and response times, while minimizing false positives and false negatives.

Learn More about AWS CloudTrail

Code Repositories (GitHub)

LogicHub for GitHub is an automated threat detection solution that continually monitors your source code repositories for suspicious behavior and vulnerabilities to help protect your intellectual property.

Installed without having to deploy agents and set up with just a few clicks, LogicHub immediately begins analyzing millions of GitHub log events to identify any malicious or unauthorized behavior. It uses a sophisticated threat ranking engine to automatically prioritize potential threats and provides a high quality feed of security alerts.

LogicHub is designed for teams of all sizes, is very cost effective, and scales easily to support very large deployments.

Learn More about GitHub


LogicHub for Salesforce provides out-of-the-box threat detection. It continuously monitors your feed of Salesforce Audit events to detect any unusual behavior or pattern, and provides you with a high quality feed of relevant alerts.

With LogicHub’s powerful Threat Ranking engine, you can make sure that the alert feed you are getting is free of noise and false positives, while ensuring that you are always notified of suspicious activity.

Learn More about Salesforce

Automated Threat Hunting in Web Proxy Logs

When attacks deliver files and processes to a target, those files and processes often check in regularly with a remote Command and Control server, which delivers instructions and collects exfiltrated data. To detect these attacks, it’s helpful to examine web proxy logs for anomalous behavior. But those logs can be vast and the signs of attack subtle.

The LogicHub playbook for web proxy threat hunting combines automated steps for data collection, data enrichment, threat analysis, and threat remediation in a fast, efficient, easy-to-customize format. Using this playbook is an easy way to get started with the LogicHub SOAR+ platform.

Learn more about Proxy Logs

IOC Search & Event Enrichment

Many LogicHub customers use the LogicHub SOAR+ platform to automate searching for Indicators of Compromise (IOCs) from various third-party sources.

Automating the search and enrichment of threat intelligence helps the SOC identify potentially compromised machines and identify gaps in the environment’s security. This particular use case does not make any changes to the environment that could cause potential outages or block legitimate business processes, but instead provides insight to help with those changes.

Customers Tell Our Story Best

SOAR+ is the product of customer feedback. LogicHub would not be here if it wasn’t for our customers and our community of thought leaders that help us every day make our platform the best it can be. We could not ask for more loyal and generous community.

Learn More

Experience the SOAR+ Platform


Try LogicHub SOAR+ and automate your playbooks using your data today

Product Video

Watch a short video highlighting the main use cases of the platform

Product Tour

Browse through the most important features of the platform

Product Webinar

Learn about the platform every Wed at 11am PT in the live webinar

Request a Demo

Schedule a one-on-one platform demo with our expert Sales Engineers

Request a Demo