It’s About Time(lines)!

https://www.youtube.com/embed/9G7mwfck2KQ

Using timestamps to determine what happened before or after an event is vital when investigating your endpoints. Timestamps allow you to see what programs were run or websites visited that may have been involved in a...

Using Volatility in Cyber Triage to Analyze Memory

Sometimes the only evidence on an intrusion is in memory and not on disk. In these cases, memory forensics provides crucial evidence to your investigation. Cyber Triage now integrates with Volatility to parse memory images and display the results in the standard Cyber...

Integrate with Splunk for Faster Alert Triage

With the 2.1.10 Cyber Triage release, you can now integrate with Splunk. This allows you to remotely start collections on suspicious endpoints and bring the results back to Splunk for multi-source correlation and alert triage. This blog covers the basics of the...

Phantom Integration Allows for Faster Responses

The Cyber Triage team likes to build features around themes, and one of our current themes is integrations. It has been a growing feature request. This blog post talks about our recent Phantom integration. Next time, we’ll talk about Splunk. The Phantom integration...

More Changes To Make Your Response Faster

Time is critical during incident response. Every minute an attacker roams your network can compromise valuable information and do irreparable damage to your systems. The latest Cyber Triage release saves you time by presenting information more...

Analytics Make User Account Investigations Easier

When investigating an endpoint, you need to look at user activity in addition to malware and system change indicators. Cyber Triage now provides analytics about user login behavior and activity. This makes it easier for incident responders to determine if a user...

Intro to IR Triage (Part 2): Analysis Categories

In the second post in our Intro to IR Triage series, we’re going to take a big-picture view. I want to give you the roadmap of how we are going to approach this series before diving into the technical details. In the last post, we talked about the goal of triage and...