Trusted by global organizations committed to security
Cyber Triage speeds incident response investigations using automated scoring and recommendations.
SOC analysts, consultants, and law enforcement use Cyber Triage to maximize artifacts processed per second and quickly neutralize attackers.
Digital Forensics Tool for the Cyber First Responder
Cyber Triage makes your incident response efforts more efficient when you are working around the clock to get attackers out.
It has 4 core concepts to make you as fast and comprehensive as possible:
- Collect the relevant artifacts from live running Windows systems and send results to a server, S3 bucket, or USB drive.
- Prioritize the artifacts using a variety of scoring techniques and algorithms to identify those that are associated with an intrusion.
- Recommend additional artifacts based on what the user tags.
- Collaborate with your team about your findings and share your results.
Cyber Triage’s flexibility allows it to integrate with SIEM/SOAR systems, leverage cloud infrastructure, and be used by both internal SOCs and MSSPs.
Maximize Your DFIR Artifacts Per Second
The key to getting attackers out is being able to quickly process lots of data from lots of hosts. This allows you to identify where they are and how they persist.
Cyber Triage allows you to achieve both speed and comprehensiveness:
- Speed: Artifact scoring allows you to quickly focus on the small set of artifacts that are relevant. Don’t waste your time on normal activity.
- Comprehensive: Thousands of artifacts are collected to look for malware and account takeovers. The recommendation engine makes sure you know about related items.
Cyber Triage’s automation makes you as fast as possible. In the words of 13Cubed, “It’s almost to the point of point and click forensics.”
- 10x faster investigations
- 40+ malware scanning engines
- 1-click reporting
Collect Comprehensive Evidence
Cyber Triage’s collection tool focuses on the artifacts needed for intrusion investigations. It saves time by making copies of only the important data from the live system, disk image, or memory image.
It is regularly updated based on attack trends and can be deployed from the Cyber Triage server, EDR, or USB.
Score Artifacts to Detect Threats
Cyber Triage analyzes the artifacts and assigns a score based on how likely they are to be from an intrusion. This makes the investigation faster because you can focus on the bad and suspicious items and ignore the thousands of irrelevant ones.
The scoring methods are updated regularly based on attack trends and threat intelligence, and the scoring includes coverage from 40+ malware scanning engines.
Recommend Additional Artifacts
As you dig deeper to identify the root cause, Cyber Triage will recommend related artifacts. For example, it calls out that a network connection came from a process that had a triggered task.
Cyber Triage helps you get to the root cause with a timeline of the system, a view of the folder structure, and the ability to pivot between artifact types.
Collaborate Within The Team
Collaboration and integration are critical to fast responses. During the investigation, Cyber Triage allows multiple investigators to work on the same incident and pull in data from past cases to determine relevance. At the end, you can generate a report to distribute.
At any time, Cyber Triage can integrate with SIEM and SOAR systems to start collections or export results.
See it in Action
This review by SANS instructor and YouTuber Richard Davis (13Cubed) provides a complete overview of our digital forensics tool, focusing on memory forensics and the Volatility integration.