by Brian Carrier, Chris Ray | Nov 30, 2018 | Blog, New Features
Cyber Triage users now have another option when looking for Security Orchestration and Automation Response (SOAR) solutions because Demisto can now launch a Cyber Triage investigation. Orchestration solutions allow companies to have a faster and more efficient...
by Brian Carrier, Chris Ray | Nov 6, 2018 | Blog, New Features
Cyber Triage is an agentless incident response system and one of the methods that we use to get data from a compromised endpoint is to send our collection tool out via PsExec. When we tell experienced incident responders this, the typical dialog is: Responder: So, are...
by Brian Carrier | Jul 27, 2018 | Blog, New Features
Using timestamps to determine what happened before or after an event is vital when investigating your endpoints. Timestamps allow you to see what programs were run or websites visited that may have been involved in a suspicious event. The latest Cyber Triage 2.3.0...
by Brian Carrier | May 4, 2018 | New Features
Sometimes the only evidence on an intrusion is in memory and not on disk. In these cases, memory forensics provides crucial evidence to your investigation. Cyber Triage now integrates with Volatility to parse memory images and display the results in the standard Cyber...
by Brian Carrier | Mar 19, 2018 | Blog
You can now use Yara signatures in Cyber Triage to search endpoints for new or advanced malware during incident response. Yara allows malware researchers to define binary patterns that can be easily shared. When you configure Cyber Triage with Yara rules, they will be...
by Brian Carrier | Feb 5, 2018 | Blog, New Features
With the 2.1.10 Cyber Triage release, you can now integrate with Splunk. This allows you to remotely start collections about suspicious endpoints and bring the results back to Splunk for multi-source correlations and alert triage. This blog covers the basics of the...
