Integrate with Cyber Triage

Integration with leading cyber security tools for quick and effective response

Demisto

Comprehensive Security Operations Platform

Where is it used?

Demisto can launch a Cyber Triage investigation. Orchestration solutions allow companies to have a faster and more efficient response because common steps are automated and do not require human intervention.

Why is it useful?

Allows you to start an endpoint investigation more quickly and make the best use of incident responders' time, because the data will be ready for review when they are assigned to the alert.

OPSWAT

Advanced threat detection and prevention platform.

Where is it used?

All files that are collected from the endpoint can be sent to OPSWAT for analysis.

Why is it useful?

Multiple scanning engines provide a broader perspective on all possible types of malware, since no single scanning engine will flag all malware.

Phantom

Orchestration platform that can be used to automate incident response workflows.

Where is it used?

Phantom can start a Cyber Triage endpoint investigation as part of a workflow.

Why is it useful?

Allows you to start an endpoint investigation more quickly and make the best use of incident responders' time, because the data will be ready for review when they are assigned to the alert.

Polyswarm

Decentralized threat intelligence marketplace powered by blockchain technology.

Where is it used?

The user can upload individual files to the marketplace for advanced analysis.

Why is it useful?

Not every company has people who can reverse engineer malware, and Polyswarm gives them access to people who can do the advanced work needed to investigate suspicious files.

Splunk

SIEM that can be used to generate and triage alerts.

Where is it used?
  • Splunk can start a Cyber Triage endpoint investigation when an alert is generated.
  • Cyber Triage results can be imported into Splunk so that the data is available for future alert triage.

Why is it useful?
  • Allows users to start the investigation more quickly and makes the best use of responders' time.
  • Users will have more context when they investigate similar alerts in the future. For example, they will know how common a process is or where else it was seen.

The Sleuth Kit

Open source disk forensics tool.

Where is it used?

The agentless collection tool uses The Sleuth Kit to find and copy files for both live systems and disk images.

Why is it useful?

Allows Cyber Triage to access locked files, avoids modifying timestamps, and lets it see files hidden by an attacker.

*Cyber Triage maintains The Sleuth Kit®

Volatility

Open source memory forensics tool.

Where is it used?

Users can import a memory image that was collected from a live endpoint.

Why is it useful?
  • Some consultants may have access to only memory images.
  • Memory forensics techniques will show deleted data and artifacts that the attacker was trying to hide.

Yara

Malware research and detection tool.

Where is it used?

Users can supply Yara rules in Cyber Triage to analyze collected files.

Why is it useful?
  • Allows users to apply the latest rules, which antivirus software may not yet use.
  • Consultants can customize what Cyber Triage looks for with Yara rules to fit a specific use case.