The Cyber Triage Deployer script allows you to deploy the Cyber Triage Collector to endpoints via your EDR. It is a PowerShell script that makes integrations easier.
You can integrate Cyber Triage with your EDR to collect the DFIR artifacts your EDR is ignoring. EDRs are powerful for detecting most attacks, but they are not investigation tools. Using Cyber Triage with your EDR allows you to get the data needed to resolve an incident. Read our blog post for more details.
The Deployer has been used on many platforms, and we have step-by-step documentation for:
- SentinelOne
- Windows Defender
Basic Workflow and Configuration
The script allows you to pick three types of settings:
- How the Cyber Triage Collector will get to the endpoint. You can copy one over or download one from our servers.
- What data the Cyber Triage Collector will collect.
- Where the resulting data goes. You can send it to S3, to a Cyber Triage Server, or to a local file.
Typically, you will add the script to a library in your EDR.
Getting the Script
To integrate Cyber Triage with your EDR or SOAR using the Deployer script:
- Download the script
- Configure the script using the instructions in the User Manual
- Integrate with your EDR using the steps in the User Manual