Investigate Faster. Try for free.

7-day trial, no credit card needed.

Pricing tiers, compared by Version, Annual Price, Malware Limits, Runs As (requirements), and Features:

Version: Standard
Annual Price: $2,500 USD
Malware Limits: 1-2 hosts per week (assumes 2,500 hash lookups per host)
Requirements: Desktop Application
Features:
All Collection Methods
Automatic Artifact Scoring
Malware Lookup, Upload, and Sandbox
S3 Evidence Storage
Recommendation Engine
Unlimited Support

Version: Standard Pro (Most Popular)
Annual Price: $3,500 USD
Malware Limits: 8-10 hosts per week (assumes 2,500 hash lookups per host)
Requirements: Desktop Application
Features: All Standard features plus:
Processing Queue: Queue up hosts to enable processing 24×7

Version: Team
Annual Price: Request Quote
Malware Limits: 8-10 hosts per week (assumes 2,500 hash lookups per host)
Requirements: Server and clients
Features: All Standard & Standard Pro features plus:
Live Collaboration: Ability to share current and past incidents with colleagues and collaborate in real time
Performance: Parallel processing of multiple hosts at a time
Integrations: REST API to integrate with EDR and SIEMs

Feature Overview (availability compared across Standard, Standard Pro, and Team)

Network- and S3-based collections
Artifact scoring and malware scanning
Recommendation engine
Queue up and analyze multiple hosts at the same time
Collaborate and share results within the team in real time
REST API, SIEM, and EDR integrations

Feature Breakdown (availability compared across Standard, Standard Pro, and Team)

Collection:
Collects volatile and file system data
Collects to and from USB
Collects over the network
Collects to an S3 bucket
Imports disk images
Imports KAPE output
Imports logical files
Imports memory images (uses Volatility 2)
Queues up multiple file-based collections
Queues up multiple network-based collections
Streaming ingest for EDR deployments
Triggered by SIEM or SOAR

Scoring:
Uses dozens of heuristics to identify suspicious items
Detects malware using ReversingLabs
Malware scanning limits: Standard 5000/week; Standard Pro 4000/day; Team 4000/day
Analyzes files using Yara rules
Hides known good items with allow lists
Flags IOCs with bad lists
Analyzes several hosts simultaneously
Synchronizes threat intelligence lists across all clients

Review:
Manually score an item as good or bad
Recommends additional items based on scoring
Pivot through collected data to determine scope
View a timeline of threats to get context
Correlates with a single user's previous collections to determine how common an item is
Groups hosts by incident for better reporting and correlation
Collaborate and share data among the team
Correlates with all users' previous collections to determine how common an item is

Reporting:
Generates HTML, Excel, and CybOX reports
Produces a JSON report that can be imported into SIEMs
Custom report branding

Infrastructure:
Integrates with SIEMs and orchestration tools using a REST API
Stores data in a multi-user database
Runs as a Windows service

Cyber Triage will save you money each year by:

Reducing investigation times by hours or days each time

Providing you access to threat intelligence feeds that cost tens of thousands of dollars

Reducing the time your senior responders need to spend with junior responders