It’s been quite a summer!
On top of managing the COVID world, our engineering team has been both satisfying customer requests and ripping apart the internals of Cyber Triage to build version 3.
The 2.13.1 release adds customer-requested features, and we’ll outline some of them here. To try the latest version of Cyber Triage, click here.
Here’s a quick summary of the new and notable features:
- Web: Support for Chromium-based Edge was added, and we now parse the web history URLs to identify searches that were performed
- Offline Malware Scanning: Team deployments can now use the offline malware scanning feature
- Recommendation Engine: You can now mark all of the items with one button click, and you can automatically mark the suggested items as “Bad” instead of just “Suspicious”
- OS Info: We now collect all IPs that the host was using and the OS install date
- Collection Tool: We fixed some bugs and improved error handling
- Memory Extension: Based on a comment from the 13Cubed review, “.raw” files are shown in the memory image file picker
- Lists: We changed “Black Lists” and “White Lists” to “Bad Lists” and “Good Lists”
What’s in Version 3?
Version 3 will come out at the end of the year, and the main theme is a new database infrastructure, which will provide a lot more capabilities and allow for more scaling.
Along with the new database, we’ll have:
- Full REST APIs on the Team server
- Better session and incident management
The new infrastructure will also allow for lots of other concepts like hunting and continuous monitoring.
The upgrade to version 3 will be free for all existing Cyber Triage customers.
If you’d like to try the latest version of Cyber Triage to make your endpoint investigations faster and more thorough, you can fill out the form here.
If you’d like to receive more DFIR-related content from the Cyber Triage team, then you can sign up for the Cyber RespondIR here.