AC-Hunter Enterprise Edition

$19,500 -- AC-Hunter Enterprise Edition Software Including Support and Updates for the First Year - Optional Recurring Support Subscription of $6,500 per Year Thereafter.

Credit card purchase provides immediate access to the AC-Hunter Enterprise Edition Software. See description below for alternate payment methods.


* Team Name is required for purchase. (recommended: your company’s name)




  • Download of the AC-Hunter Enterprise Edition Software
  • First Year of Technical Support Included
  • First Year of Software Version Updates Included
  • Unlimited Network Sensors
  • Unlimited Bandwidth and Data
  • Unlimited Safelist Entries
  • Unlimited Archived Datasets
  • Open-Site License – Deploy as Many AC-Hunter Instances You Desire Within Your Organization
  • External SIEM Alerting
  • Report Exporting
  • Cyber Deception Creation and Event Reporting
  • Microsoft Azure Cloud Installation Package Included
  • 3 Hours of THAT (Threat Hunting Assistance Team) Live Collaborative Threat Hunting Support
  • Customer Portal Website Access for up to 10 Users
  • No Additional Fees or Upcharges


  • No Surprise Charges and You Can Renew at Anytime to Continue to Receive Support and Software Updates
  • Continued Access to Latest Version Downloads
  • Continued Access to Customer Support
  • Continued Access to Software Updates and Feature Improvements
  • Continued Access to Patches and Fixes
  • Continued Access to Portal Website Threat Hunting Tutorials, Tricks and Tips
  • Continued Access to Portal Website Team Membership (Team of 10 website users you define)


  • AC-Hunter can quickly analyze millions of connection requests and easily identify which systems or IoT devices have been compromised.
  • Identify compromised hosts on your network regardless of the operating system, hardware or network link speed.
  • AC-Hunter inspects encrypted sessions while maintaining data privacy and integrity.
  • No Bandwidth Restrictions – Use AC-Hunter to analyze as much network traffic as you wish.
  • No Agents to Install – AC-Hunter verifies all devices regardless of operating system or hardware.
  • Open Site Licence – Deploy as many copies as you need within your organization.
  • Simple-to-use Interface – Designed for everyone from junior analysts to seasoned professionals.
  • SIEM and Slack Alerting – AC-Hunter continuously hunts your network looking for signs of command and control activity. When a backdoor is identified, we can notify you via Slack, the SIEM of your choice or a centralized logging server.
  • Safelisting – Safelist communications by single IP address, class A, B or C range, Org Name or Org ASN. Also by source, destination or pairs.


  • Dashboard: Visualize your network hosts sorted by Threat Rating Score with a cumulative point breakdown of Threat Activity to quickly identify suspect systems.
  • Beacons Module: AC-Hunter detects consistencies and patterns in the behavior of backdoors. AC-Hunter utilizes a mixture of detection techniques that rely on attributes like an interval of connections, data size, dispersion, and advanced algorithms.
  • Strobes Module: Strobes are similar to beacons in that they are repeated connections between two IP addresses. Unlike a beacon which may try and hide its signaling, a strobe makes no attempt at being stealthy. A signal that triggers two or three times a second is an excellent example of a strobe.
  • Long Connections Module: Rather than calling home on a regular basis, attackers may try to simply call home and leave the connection open indefinitely. To spot this traffic, you can use our long connections module.
  • Threat Intel Module: AC-Hunter aggregates results from multiple threat intelligence feeds so that you have a single interface to spot highly suspect activity.
  • DNS Module: DNS C2 is one of the most common means for attackers to exploit highly-secure environments. AC-Hunter detects this by looking at the number of subdomains per domain and will flag suspicious quantities.
  • Client Signature Module: AC-Hunter analyzes Useragent Strings and SSL/TLS Hash to identify systems on your network that communicate in a unique fashion.
  • Certificate Module: The certificate module checks the digital certificate being issued by servers during outbound HTTPS connections.
  • Deep Dive Module: While the other AC-Hunter modules focus on a specific threat vector (beaconing, long connections, DNS tunneling, etc.), the Deep Dive module is designed to help assess the threat of a specific system.



  • Credit Card – Select [PURCHASE] above, select Credit Card payment and get instant access to download AC-Hunter and get started right away!
  • Bank Transfer – Select [PURCHASE] above, select Bank Transfer payment. Your account will be created and you will receive an email to complete the bank transfer. AC-Hunter access will be granted as soon as we receive your payment.
  • Check – Select [PURCHASE] above, select Check payment. Your account will be created and AC-Hunter access will be granted as soon as we receive your payment.
  • Purchase Order Number – Please contact us and we will take care of the process for you.
  • Invoice – Please contact us and we will take care of the process for you.
  • Partners/Re-sellers – If your company requires purchasing through pre-approved third-party vendors, please contact us and we will take care of the process for you.
  • Other – Have another method in mind? Please contact us to discuss other options.

Additional information

System Requirements:

AC-Hunter requires two systems, one running Zeek and the other running RITA and AC-Hunter. The following are the minimum system requirements for each.

Operating Systems:

Both systems are designed to run on the Linux operating system. The preferred platform is 64-bit Ubuntu 16.04 LTS, however CentOS 7 is supported as well. AC-Hunter will install all of the required dependencies. Note that Ubuntu 18.04 and 18.10 are not supported at this time because of an issue between Zeek and the openssl library used in Ubuntu 18.x.


In order to capture traffic with Zeek, you will need at least 2 network interface cards (NICs). One will be for the management of the system and the other will be the dedicated capture port. Intel NICs perform well and are recommended.

System Running Zeek:

PROCESSOR – Two cores plus an additional core for every 100 Mbps of traffic being captured. (three cores minimum). This should be dedicated hardware as opposed to virtual machines, as VM scheduling and resource congestion with other VMs can cause packets to be dropped or missed. MEMORY – 32GB minimum. 64GB if monitoring 100Mb or more of network traffic. 128GB if monitoring 1Gb or more of network traffic. STORAGE – 300GB minimum. 1TB or more is recommended to reduce log maintenance. SSD storage is strongly recommended as this can cut processing time significantly. We also recommend that you do not run RAID 5 as this doubles the number of read/writes per block, thus degrading I/O performance.

System Running RITA and AC-Hunter:

Can be run as a virtual machine if provided sufficient resources. PROCESSOR – Two cores minimum. Four recommended. MEMORY – 16GB minimum. 32GB or more recommended. STORAGE – 1 TB minimum. Additional storage is recommended if you plan to keep data for an extended period of time (more than a few weeks). We recommend using XFS for the file system partition type. NETWORK – Standard Ethernet network card interface (physical or virtual).

You may also like…