Cyber Triage Enterprise Tiers

Investigate faster by integrating Cyber Triage into your security stack.

The Enterprise tier adds advanced integrations to both the Standard and Team versions of Cyber Triage. They maximize the speed and comprehensiveness of your investigations.

Who needs Enterprise?

SOCs

Analysts who need to do quick endpoint triage after a valid alert to understand the scope of the incident.

This tier allows them to analyze EDR data in Cyber Triage to get answers fast.

DFIR teams

Investigators who want one platform for doing DFIR collections, reviewing EDR telemetry, quickly analyzing data, and publishing and storing results.

This tier is an investigation platform with all those features and more.

Key Features

Import Telemetry: Get fast and comprehensive evidence for investigations by importing EDR data into Cyber Triage.

Connect Threat Intel: Detect more malicious activity by connecting your threat intelligence feeds to Cyber Triage.

Publish Results: Improve your threat intel and securely store findings by integrating Cyber Triage with your case management systems.

Control Access: Ensure compliance and protect sensitive data with incident-level access control.

Import Telemetry

The Enterprise tiers allow you to import EDR telemetry directly into Cyber Triage so your team can get the breadth of EDR data with the analytics of an investigation platform.

This feature makes both endpoint triage and full investigations faster and more comprehensive.

Connect Threat Intel

The Enterprise tiers allow you to integrate your threat intel feeds directly into Cyber Triage, adding another layer to the 40+ malware engines, YARA rules, Hayabusa, baseline filtering, and other detections that come with Cyber Triage.

This feature makes Cyber Triage’s Automated Analysis even more comprehensive and powerful.

Publish Results

The Enterprise tiers allow you to forward investigation findings and new IOCs to your case management system or threat intelligence platforms using their APIs.

This feature makes results easier to share and store. It also means every Cyber Triage investigation can improve detection for all your tools.

Access Control

The Enterprise version of Team gives you incident-level role-based access control over investigation data.

This feature prevents analysts and investigators from accessing data they shouldn’t and allows security teams to comply with data protection policies.

Versions

Standard Enterprise

Desktop application for single users.

Team Enterprise

Self-hosted server for team investigations and multiple users.

Available in both desktop and team versions.

Interested in Enterprise?

Contact sales to schedule your POC.
FAQ

The Enterprise tiers integrate with tools across the investigation process, including EDR platforms, SIEMs, case management systems, and, coming soon, threat intelligence feeds. These integrations allow Cyber Triage to ingest telemetry, enrich investigations with intelligence, and publish results back into existing workflows. The Enterprise tiers enable Cyber Triage to function as the investigation platform within your security stack rather than as a standalone tool.

The Enterprise tiers currently ingest Defender telemetry and will soon ingest data from SentinelOne, then CrowdStrike.

The Enterprise tiers currently integrate with DFIR IRIS and support exports to Timesketch.

The Enterprise tiers will integrate with commercial, open-source, and internally developed threat intelligence feeds. This functionality is currently available via manual processing and the API on Team, but with Enterprise you will be able to automate it. These intelligence sources are correlated directly against investigation data inside Cyber Triage. This expands detection and scoring coverage beyond the built-in analytics and could help teams identify additional malicious activity. This feature is not available yet, but it is on the 2026 roadmap.

The Enterprise tiers currently integrate with Splunk. In addition, there is a REST API that can be used to build integrations with other platforms.

Incident-level access control in Cyber Triage limits who can view or interact with incidents. This ensures investigators and analysts only see the incident data they are authorized to view. This supports compliance requirements and protects sensitive data while enabling secure collaboration. Common scenarios include SOCs limiting access to data from sensitive systems, isolating internal investigations, and law enforcement controlling access to classified cases.

No. The Enterprise tiers are designed to complement and fill gaps in existing security tools, not replace them. Cyber Triage focuses on investigation and analysis, then feeds results back into EDRs, SIEMs, and case management systems in order to improve detection capabilities. This allows organizations to enhance their security operations without disrupting established workflows.

Both. Internal SOCs and MSSPs commonly use Cyber Triage Enterprise for rapid endpoint triage following a valid alert to determine scope and severity. DFIR teams and consultants use the same platform for full investigations, including collection, analysis, and publishing results. The Enterprise tiers support the entire investigation process.

Integrations in the Enterprise tiers are managed through controlled, secure configurations and APIs. Access to data exchanged through integrations is governed by Cyber Triage’s role-based access controls. This ensures integrations improve speed and visibility without compromising security or compliance.

Standard Pro is best for individual investigators who need faster, more effective endpoint analysis without deep system integrations. Standard Enterprise is appropriate when a single user needs to ingest EDR telemetry, leverage external threat intelligence, or publish results into other security systems. The difference is primarily the need for integration rather than scale.

Team is designed for teams that need collaborative investigations and shared infrastructure without advanced integrations. Team Enterprise is intended for organizations that want team-based investigations tightly integrated with EDRs, SIEMs, case management, and threat intelligence platforms. It is the right choice for teams that need maximum investigation speed and comprehensiveness at scale.