Lite
Lightweight Collection & Reporting
Free
Standard
Automated Collection & Analysis
$2,500 /yr
Standard Pro
More Capacity & Ability to Batch Process
$3,500 /yr
Team
Team Collaboration & Enterprise Integrations
Get Quote
Feature Overview
| Lite | Standard | Standard Pro | Team | |
|---|---|---|---|---|
| Network- and S3-based collections | ||||
| Artifact scoring and malware scanning | ||||
| Recommendation engine | ||||
| Queue up and analyze multiple hosts at the same time | ||||
| Collaborate and share results within team in real time | ||||
| REST API, SIEM, and EDR integrations | ||||
Feature Breakdown
| Lite | Standard | Standard Pro | Team | |
|---|---|---|---|---|
| Collection | ||||
| Collects volatile and file system data | ||||
| Collect to and from USB | ||||
| Collect over the network | ||||
| Collect to S3 bucket | ||||
| Imports disk images | ||||
| Imports KAPE output | ||||
| Imports logical files | ||||
| Imports memory images (uses MemProcFs and Volatility 2) | ||||
| Queue up multiple file-based collections | ||||
| Queue up multiple network-based collections | ||||
| Streaming ingest for EDR deployments | ||||
| Triggered by SIEM or SOAR | ||||
| Scoring | ||||
| Uses dozens of heuristics to identify suspicious items | ||||
| Detect malware using ReversingLabs | ||||
| Malware scanning limits | 5,000/week | 20,000/week | 4,000/day | |
| Analyzes files using Yara rules | ||||
| Hides known good items with allow lists | ||||
| Flags IOCs with bad lists | ||||
| Analyzes several hosts simultaneously | ||||
| Synchronize threat intelligence lists across all clients | ||||
| Review | ||||
| Manually score an item as good or bad | ||||
| Recommends additional items based on scoring | ||||
| Pivot through collected data to determine scope | ||||
| View timeline of threats to get context | ||||
| Correlates with single user’s previous collection to determine how common item is | ||||
| Groups hosts by incident for better reporting and correlation | ||||
| Collaborate and share data amongst the team | ||||
| Correlates with all users’ previous collections to determine how common item is | ||||
| Reporting | ||||
| Generates HTML, Excel, and CybOX reports | ||||
| Produces JSON report that can be imported into SIEMs | ||||
| Custom report branding | ||||
| Infrastructure | ||||
| Integrates with SIEMs and orchestration tools using REST API | ||||
| Stores data in a multi-user database | ||||
| Runs as a Windows service | ||||