Our blog series help you learn incident response best practices and keep you in the loop on the latest updates to our automated incident response software, Cyber Triage.

How to Speed Up Incident Response:

• Incident Response KPIs: SPEED Is Critical. Here Are Five Reasons Why.
• How to Speed Up Incident Response: Start the Investigation Faster
• How to Speed Up Incident Response: Faster Artifact Collection
• How to Speed Up Incident Response: Analyze Faster (Part 1)
• How to Speed Up Incident Response: Faster Analysis (Part 2)
• How to Speed Up Incident Response: Faster Scoping

Intro to Incident Response Triage (Divide and Conquer Approach):

• Intro to Incident Response Triage (Part 1): Buyer’s Guide
• Intro to Incident Response Triage (Part 2): Analysis Categories
• Intro to Incident Response Triage (Part 3): User Enumeration
• Intro to Incident Response Triage (Part 4): User Logins
• Intro to Incident Response Triage (Part 5): User Activity
• Intro to Incident Response Triage (Part 6): Malware Persistence
• How to Detect Running Malware – Intro to Incident Response Triage (Part 7)
• How to Detect Malware Remnants – Intro to Incident Response Triage (Part 8)
• How to Detect System Configuration Changes – Intro to Incident Response Triage (Part 9)

How to Apply OODA to DFIR

• How to Use OODA Loop in Your Incident Response Process in 2020
• How to Observe During the Incident Response Process
• How to Orient During the Incident Response Process
• How to Make Data-Based Decisions During Incident Response
• How to Execute During Incident Response

Cyber Triage Integrations:

• ReversingLabs Integration Improves Malware Scanning
• Use of PsExec That Doesn’t Reveal Password Hashes
• Volatility integration in Cyber Triage to Analyze Memory
• Search For Advanced Malware In Cyber Triage Using Yara Rules
• Integrate with Splunk for Faster Alert Triage
• Phantom Integration Allows for Faster Responses

Cyber Triage Releases:

• Upload Your DFIR Artifacts to S3 (2.14)
• Feedback-Driven Upgrades (2.13.1)
• Offline Malware Scanning (2.13)
• Online File Reputation Service (2.12)
• Investigation History, Timeline Filtering, and More (2.11)
• Visualization, Exporting, and More (2.10)
• Recommendation Engine (2.9)
• Finding Intrusion Evidence in the Same Folder (2.7)
• Collect Faster by Collecting Less (2.6)
• It’s About Time(lines)! (2.3)
• More Changes To Make Your Response Faster (2.1)
• Reducing Response Time with Whitelisting (1.2)