The 2022 ATT&CK Evaluations for Managed Services Call for Participation is now open. Click here to learn how to participate.
Home  >  Enterprise  >  Participants  >  CyCraft  > Carbanak+FIN7 Configuration


CyCraft Configuration

The following product description and configuration information was provided by the vendor and has been included in its unedited form. Any MITRE Engenuity comments are included in italics.


Product Versions

  • Xensor Server 1.5.0.057
  • Xensor Engine (Windows): 7.6.57
  • Xensor Agent (Windows): 1.6.31.52863
  • Xensor Engine (Linux): 0.38.14
  • Xensor Agent (Linux): 8.24.19
  • CyCarrier: 1.15.5
  • NGAV Pattern: 7.86150

Product Description

CyCraft AIR solves security for large/medium/small organizations through its continuous organization-wide, automated, AI-driven forensics to deliver Fast/Accurate/Simple/Thorough Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Managed Detection and Response (MDR), Incident Response (IR), Compromise Assessment (CA), SOC Ops solutions, and Cyber Health Score.

CyCraft AIR blocks known malicious artifacts/behavior and automates response for unknown and suspicious artifacts/behavior to give you:
Complete Understanding of Your Security Situation

  • True organization-wide root cause analysis in minutes for suspicious activity
  • Complete organization-wide storylines for incidents in minutes
  • Continuous proactive global threat intelligence-driven and AI-driven threat hunting
Rapid Response to APT-Level Attacks
  • NGAV blocking & containment
  • Actionable reporting, showing you how to remediate any incident step-by-step
  • Breach protection
CyCraft AIR’s unique architecture comes from being forensics-first (not relying on SIEM/AV/IDS legacy methods) and employing AI across all components:
  • Xensor Agents/Engines on Windows/macOS/Linux endpoints (cloud/on-prem/hybrid) perform continuous NGAV prevention for known bads, and forensic scanning to investigate unknown suspicious and anomalous artifacts/behavior. Xensor Agents continuously produce and transmit forensic metadata to Xensor Server.
  • Xensor Server manages/updates endpoints and Xensor Agents, provides remediation, and consolidates data for CyCarrier.
  • CyCarrier reads in the forensic metadata from Xensor Server and combines it with global threat intelligence to perform site-wide AI-analysis to automate investigations to rapidly produce threat hunting and site-wide attack situation reports to drive remediation.

Product Configuration

  • Scan Settings: Default
  • Scan Optimization: Enable All
  • NGAV: Detect mode (Detection Day), Block mode (Protection Day)