Lite
Lightweight Collection & Reporting
Core features:
- Collects volatile and file system data
- Analyzes memory images using Volatility
- Generates HTML and CybOX reports
Standard
Automated Collection & Analysis
All Lite features plus:
- Collects over the network
- Automated malware and suspicious item analysis
- Correlates with a single user's previous collections to determine how common an item is
Standard Pro
Multiple Hosts per Week
All Standard features plus:
- Increased daily malware scan limits
- Ability to queue up batches of collected data for processing
- 1-month term licenses available
Team
Collaboration & Integration
All Standard features plus:
- Collect and analyze multiple hosts at the same time
- Collaborate and work on the same incident at the same time
- REST API to integrate with orchestration systems
Feature Breakdown
Feature | Standard | Standard Pro | Team |
---|---|---|---|
Collects volatile and file system data | |||
Collects to USB drive | |||
Analyzes memory images using Volatility | |||
Pivot through collected data to determine scope | |||
View timeline of threats to get context | |||
Generates HTML and CybOX reports | |||
Collects over the network | |||
Automatically analyzes data to identify suspicious items | |||
Detects malware using ReversingLabs | |||
Analyzes files using YARA rules | |||
Hides known-good items with allowlists | |||
Flags IOCs with denylists | |||
Correlates with a single user's previous collections to determine how common an item is | |||
Groups hosts by incident for better reporting and correlation | |||
Produces JSON report that can be imported into SIEMs | |||
Custom report branding | |||
Collect to and from USB | |||
Collect over the network | |||
Collect to S3 | |||
Malware scanning limits | 5000/week | 4000/day | 4000/day |
Queue up multiple collections | |||
Collaborate and share data amongst the team | |||
Integrate with orchestration system | |||
Scoring and recommendations | |||
Collects from many hosts simultaneously | |||
Queue lists of hosts for scanning | |||
Integrates with SIEMs and orchestration tools using REST API | |||
Stores data in a multi-user database | |||
Correlates with all users' previous collections to determine how common an item is | |||
Collects and analyzes multiple hosts simultaneously | |||
Correlates artifacts with past cases the team has worked | |||
Analysts can collaborate and work on the same incident at the same time | |||
Higher performance via PostgreSQL server | |||
Synchronize threat intelligence lists across all clients | |||
Headless ingest | |||
Run as a Windows service | |||
Higher malware scanning limits (refreshed daily instead of weekly) | |||
Free team server key | |||