Lite
Free
Lightweight collection & reporting
Core features:
- Collects volatile and file system data
- Analyzes memory images using Volatility
- Generates HTML and CybOX reports.
Standard
Starting at
$1,999/user
per year
Automation & analysis
All Lite features plus:
- Collects over the network
- Automated malware and suspicious item analysis
- Correlates with single user’s previous collection to determine how common item is.
Team
Request Quote
Collaboration, integration, & orchestration
All Standard features plus:
- Simultaneously collect and analyze multiple hosts at the same time
- Analysts can collaborate and work on the same incident at the same time
- REST API to integrate with orchestration systems to start collections.
Lite |
Standard |
Team |
|
|---|---|---|---|
| Cost | Free | $1,999 / Investigator | Request Quote |
Full Feature Breakdown |
|||
| Collects volatile and file system data | |||
| Collects to USB Drive | |||
| Analyzes memory images using Volatility | |||
| Pivot through collected data to determine scope | |||
| View timeline of threats to get context | |||
| Generates HTML and CybOX reports | |||
| Collects over the network | |||
| Automatically analyzes data to identify suspicious items | |||
| Detect malware using ReversingLabs | |||
| Analyzes files using Yara rules | |||
| Hides known good items with allowlists | |||
| Flags IOC with denylists | |||
| Correlates with single user’s previous collection to determine how common item is | |||
| Groups hosts by incident for better reporting and correlation | |||
| Produces JSON report that can be imported into SIEMs | |||
| Collects from many hosts simultaneously | |||
| Queue lists of hosts for scanning | |||
| Integrates with SIEMs and orchestration tools using REST API | |||
| Stores data in a multi-user database | |||
| Correlates with all user’s previous collections to determine how common item is | |||
| Simultaneously collect and analyze multiple hosts at the same time | |||
| Correlates artifacts with past cases the team has worked | |||
| Analysts can collaborate and work on the same incident at the same time | |||
| Higher performance via PostgreSQL server | |||
| Synchronize threat intelligence lists across all clients | |||
| Headless ingest | |||
| Run as a windows service | |||
| Higher malware scanning limits (refreshed daily instead of weekly) | |||
| Free team server key | |||