Managed Threat Hunting (MTH) must be configured by a Super Admin before the MTH team can begin hunting for threats. A pop-up appears every time a Super Admin logs in without MTH configured. In the pop-up, click Configure MTH settings to get started.
If you close the pop-up or need to make changes to your MTH settings, in the top-right, click your display name > Account, and click Settings next to Managed Threat Hunting.
The MTH team needs Nebula Super Admins to contact when remediation steps are required for a detection or suspicious activity. Select Super Admins for primary, backup, and alternate contacts for the MTH team to notify.
Nebula notifications are created for all contacts selected on this page. For more information, see Set up Managed Threat Hunting notifications in Nebula.
When deleting a Super Admin who is an MTH contact from the Settings > Users page, you are prompted to select a new contact.
Global Data Protection Regulation requirement
CAUTION - This setting cannot be changed later. Confirm the correct selection is made before clicking Save.
Global Data Protection Regulation (GDPR) is a regulation on data protection and privacy in the European Union (EU) and European Economic Area (EEA). If you have any endpoints protected by Nebula located in the EU or EEA, select Yes. This selection controls where data for MTH is stored.
Connect to MTH portal
Once MTH configuration is complete, on the top click the MTH Portal. This generates and connects your MTH account with Nebula. By connecting your accounts, analysts can begin threat hunting and send notifications on alerts.
Return to Managed Threat Hunting guide for Nebula.