C3's Threat Hunting Platform is the underlying technology developed in stealth for over two years to work seamlessly with current business processes by augmenting the Security Operations Center. The Platform has the ability to integrate with any data source and generate detailed threat reports that have tracked down hacker or malicious actor activities in real time or historically.

O365 Threat Hunting

Cyber Threat Hunting "the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions."

The security issues with email are now increasing as more organizations move from managing their own on-site systems to using a cloud-based service such as Microsoft Office 365. This is compounded with the fact that cyber criminals are sending millions of malicious emails to unsuspecting targets every day. These attackers are targeting employees to gain access to internal systems, as well as customers to fool them into handing over payment card information or login credentials.

Solution Details

You need a solution that tracks against a wide range of sources to provide accurate, comprehensive coverage against growing phishing threats to identify rapidly evolving attacks directed at your organization and customers in real-time.

Our SaaS solution automates threat hunting in your O365 environment and provides real-time analysis of security events.


  • Automated analysis of the phish detection and mitigation process
  • User Behavior Analytics with multiple telemetry vectors (geolocation, time, source)
  • Cross-correlation of the threat actor behavior with existing security controls (anti-spam, anti-virus)
  • Automated account suspension and lock-out
  • Real-time alerting
  • Executive and Detailed reporting


  • Reduce the risk of significant business impacts caused by email-borne attacks
  • Maximize operational efficiencies with contextual, actionable threat intelligence
  • Deliver a flexible security platform that can be expanded to protect against blended, multi-vector attacks


Contact for pricing.

Threat Hunting Automation

The consistent problem in the security industry is that we have too many alerts and not enough analysts. Reports have shown that time spent investigating security alerts have cost enterprises an average of $25,000 per week and $1.27 million each year.

These costs continue to grow as reports show that over 1 million jobs remained unfilled in cyber security at the end of 2016. This number is expected to double as we progress towards 2018.

The lack of security talent available, in combination with the ever- increasing alerts, breeds a security ecosystem that is unable to handle the workload in an efficient manner. This means that many organizations have a security team that is understaffed, overworked, and are having to prioritize analysis workflows.

The automation consists of dynamic event correlation across internal data and external threat intel resources at machine speed. We are able to generate threat activity reports that span across months' worth of data within minutes, whereas it will take a team of analysts days or weeks of diligent effort to produce similar results.

Our solution uses all of the same data collected by the SIEM, stores and analyzes real-time and historical data within the cloud, and generates in depth auditable reports that dynamically update as new information is identified within the environment. We take high frequency trading models and introduce it to the security world.

Realtime Threat Hunting services tailored to your environment.

  • Analysis Audit Trail
  • Extracted IOC Listings
  • Alert Activity Timeline
  • Source Evidence Package
  • Dynamic Reporting Updates

Data gathering support services to onboard 100% visibility.

  • Full SIEM Data Utilization
  • SIEM Data Ingestion Support
  • Security Solution Config Support

Data Tier Pricing

Daily Data Cap Price Per Month ($)
1Gb Contact for pricing
5Gb Contact for pricing
10Gb Contact for pricing
25Gb Contact for pricing
50Gb Contact for pricing


Incident Response

  • Data Breach Response
  • Incident Response Services
  • Breach detected and services.
  • Threat Hunting Assessment
  • Snapshot Incident Response

SOC Augmentation

Virtual SOC Services

  • Act as the SOC for a company via C3 TH & internal SIEM.
  • No internal SOC.

Continuous Monitoring

  • Act as third party monitoring via C3 TH & internal SIEM.
  • Supports internal SOC.

Orchestration Platform Workflow