| Ad-Hoc Process |
Cyber Triage |
EDR | |
|---|---|---|---|
| Cost | Free | $2,500 / investigator | Often $50,000+ price / endpoint & user |
| Collection | |||
| Collects Malware-associated Artifacts | |||
| Collects User-associated Artifacts | |||
| Collects System Configuration Artifacts | |||
| Remote Collection | With Scripting | ||
| Single Step Collection | With Scripting | ||
| Disk Images | |||
| Analysis | |||
| Displays Collected Artifacts | |||
| Assigns Threat Scores to Artifacts | |||
| Integrates with Threat Intelligence | |||
| Correlates with Past Incidents | |||
| Supports Team Collaboration | |||
| Integrates with SIEM and SOAR | |||
| Investigative Workflow | |||
| Reporting | |||
| Generates report based on investigative findings | |||
In addition to Cyber Triage, companies are often considering other types of host-based investigative solutions.
- Ad-Hoc Process: Using many tools to complete the end-to-end host investigation process. Many of the tools are command line, free, and produce text file outputs
- EDR: Endpoint Detection and Response agents are always running and collecting data. Their stored data can be used during the investigation.
If you’d like to try Cyber Triage yourself, sign up for a free evaluation of the full version.