The Cyber Triage Deployer script allows you to deploy the Cyber Triage Collector to endpoints via your EDR. This allows you to collect additional artifacts without needing to deploy additional agents.
Using Cyber Triage with your EDR allows you to get the data needed to resolve an incident. Read our blog post for more details.
The Deployer has been used on many platforms, and we have step-by-step documentation for:
- SentinelOne
- Windows Defender
- CrowdStrike
Basic Workflow and Configuration
The script will work without any changes, but you can customize:
- Where the resulting data goes. You can send it to S3, to a Cyber Triage Server, or to a local file.
- What data the Cyber Triage Collector will copy.
Typically, you will add the script to a library in your EDR.
Getting the Script
To integrate Cyber Triage with your EDR or SOAR using the Deployer script:
- Download the script
- Configure the script using the instructions in the User Manual
- Integrate with your EDR using the steps in the User Manual