Lite
Lightweight Collection & Reporting
Core features:
- Collects volatile and file system data
- Analyzes memory images using Volatility
- Generates HTML and CybOX reports.
Standard
Automated Collection & Analysis
All Lite features plus:
- Collects over the network
- Automated malware and suspicious item analysis
- Correlates with single user’s previous collection to determine how common item is.
Standard Pro
Multiple Hosts per Week
All Standard features plus:
- Increased daily malware scan limits
- Ability to queue up batches of collected data for processing
- 1-month term licenses available
Team
Collaboration & Integration
All Standard features plus:
- Collect and analyze multiple hosts at the same time
- Collaborate and work on the same incident at the same time
- REST API to integrate with orchestration systems
Feature Breakdown
Standard | Standard Pro | Team | |
|---|---|---|---|
| Collects volatile and file system data | |||
| Collects to USB Drive | |||
| Analyzes memory images using Volatility | |||
| Pivot through collected data to determine scope | |||
| View timeline of threats to get context | |||
| Generates HTML and CybOX reports | |||
| Collects over the network | |||
| Automatically analyzes data to identify suspicious items | |||
| Detect malware using ReversingLabs | |||
| Analyzes files using Yara rules | |||
| Hides known good items with allowlists | |||
| Flags IOC with denylists | |||
| Correlates with single user’s previous collection to determine how common item is | |||
| Groups hosts by incident for better reporting and correlation | |||
| Produces JSON report that can be imported into SIEMs | |||
| Custom report branding | |||
| Collect to and from USB | |||
| Collect over the network | |||
| Collect to S3 | |||
| Malware scanning limits | 5000/week | 4000/day | 4000/day |
| Queue up multiple collections | |||
| Collaborate and share data amongst the team | |||
| Integrate with orchestration system | |||
| Scoring and Recommendations | |||
| Collects from many hosts simultaneously | |||
| Queue lists of hosts for scanning | |||
| Integrates with SIEMs and orchestration tools using REST API | |||
| Stores data in a multi-user database | |||
| Correlates with all user’s previous collections to determine how common item is | |||
| Simultaneously collect and analyze multiple hosts at the same time | |||
| Correlates artifacts with past cases the team has worked | |||
| Analysts can collaborate and work on the same incident at the same time | |||
| Higher performance via PostgreSQL server | |||
| Synchronize threat intelligence lists across all clients | |||
| Headless ingest | |||
| Run as a windows service | |||
| Higher malware scanning limits (refreshed daily instead of weekly) | |||
| Free team server key |