Deploy Cyber Triage via EDR

The Cyber Triage Deployer script allows you to deploy the Cyber Triage Collector to endpoints via your EDR. It is a PowerShell script that makes integrations easier.

You can integrate Cyber Triage with your EDR to collect the DFIR artifacts your EDR is ignoring. EDRs are powerful for detecting most attacks, but they are not investigation tools. Using Cyber Triage with your EDR allows you to get the data needed to resolve an incident.  Read our blog post for more details.

The Deployer has been used on many platforms, and we have step-by-step documentation for:

  • Sentinel 1
  • Windows Defender

Download Deployer Script

Basic Workflow and Configuration

The script allows you to pick three types of settings:

  • How the Cyber Triage Collector will get to the endpoint. You can copy one over or download one from our servers.
  • What data the Cyber Triage Collector will copy.
  • Where the resulting data goes. You can send it to S3, to a Cyber Triage Server, or to a local file.

Typically, you will add the script to a library in your EDR.

Getting the Script

To integrate Cyber Triage with your EDR or SOAR using the Deployer script: