Automated incident response software for fast, comprehensive, and easy intrusion investigations
Cyber Triage makes your response more efficient when you are working around the clock to get attackers out.
It has 4 core concepts to make you as fast and comprehensive as possible:
Cyber Triage’s flexibility allows it to integrate with SIEM/SOAR systems, leverage cloud infrastructure, and be used by both internal SOCs and MSSPs.
Cyber Triage allows you to more efficiently find attackers and get them out.
The key to getting attackers out is being able to quickly process lots of data from lots of hosts. This allows you to identify where they are and how they persist.
Cyber Triage allows you to achieve both speed and comprehensiveness:
Cyber Triage’s automation makes you as fast as possible. In the words of 13Cubed, “It’s almost to the point of point and click forensics.”
Cyber Triage’s targeted collection approach saves time because it copies the most important data from the system in one step and does not require the user to make a forensic image of the entire drive.
After collection, Cyber Triage automatically looks for items that are anomalous or that resemble items flagged in past incidents. Each collected item is assigned a score based on its risk, and the bad and suspicious items are prioritized and shown to the user first.
After reviewing the data, users can dig deeper for more context and get to root cause. Cyber Triage recommends related files, provides timelines to find other suspicious items, and makes it easy to pivot between artifacts.
Everything works together in Cyber Triage. Multiple investigators can work on the same investigation at the same time. JSON or CSV reports are easy to generate and import into other systems, and it is also simple to create clean HTML reports for management. Once the investigation is done, Cyber Triage uses the results to improve future analyses.