Integrate with Cyber Triage

Cyber Triage integrates with other leading cyber security tools to enable you to respond as quickly and effectively as possible.

OPSWAT

Advanced threat detection and prevention platform

Where is it used within Cyber Triage?

All files that are collected from the endpoint can be sent to OPSWAT for analysis.

Why is it useful to the user?

Multiple scanning engines provide a broader perspective on all possible types of malware, since no single scanning engine will flag every piece of malware.

Phantom

Orchestration platform that can be used to automate incident response workflows

Where is it used within Cyber Triage?

Phantom can start a Cyber Triage endpoint investigation from a Phantom workbook.

Why is it useful to the user?

Allows you to start an endpoint investigation more quickly and make the best use of incident responders' time, because the data will be ready for review when they are assigned to the alert.

Polyswarm

Decentralized threat intelligence marketplace powered by blockchain technology

Where is it used within Cyber Triage?

The user can upload individual files to the marketplace for advanced analysis.

Why is it useful to the user?

Not every company has people who can reverse engineer malware, and Polyswarm gives them access to people who can do the advanced work needed to investigate suspicious files.

Splunk

SIEM that can be used to generate and triage alerts

Where is it used within Cyber Triage?

  • Splunk can start a Cyber Triage endpoint investigation when an alert is generated.
  • Cyber Triage results can be imported into Splunk so that the data is available for future alert triage.

Why is it useful to the user?

  • Allows users to start the investigation more quickly and makes the best use of responders' time.
  • Users will have more context when they investigate similar alerts in the future. They will know, for example, how common a process is or where else it was seen.

The Sleuth Kit

Open source disk forensics tool

Where is it used within Cyber Triage?

The agentless collection tool uses The Sleuth Kit to find and copy files for both live systems and disk images.

Why is it useful to the user?

Allows Cyber Triage to access locked files without modifying timestamps, and lets it see files hidden by an attacker.

*Cyber Triage maintains The Sleuth Kit®

Volatility

Open source memory forensics tool

Where is it used within Cyber Triage?

Users can import a memory image that was collected from a live endpoint.

Why is it useful to the user?

  • Some consultants may have access only to memory images.
  • Memory forensics techniques will show deleted data and artifacts that the attacker was trying to hide.

Yara

Malware research and detection tool

Where is it used within Cyber Triage?

Users can supply Yara rules in Cyber Triage to analyze collected files.

Why is it useful to the user?

  • Allows users to apply the latest rules, which antivirus software may not yet include.
  • Consultants can customize what Cyber Triage looks for with Yara rules to fit a specific use case.