Find the Right Plan for You

Lite

Free
Lightweight collection & reporting

Download

Core features:

  • Collects volatile and file system data
  • Analyzes memory images using Volatility
  • Generates HTML and CybOX reports.

Standard

Starting at

$1,999/user

per year

Automation & analysis

Request Quote

All Lite features plus:

  • Collects over the network
  • Automated malware and suspicious item analysis
  • Correlates with single user’s previous collection to determine how common item is.

Team

Request Quote
Collaboration, integration, & orchestration

Request Quote

All Standard features plus:

  • Simultaneously collect and analyze multiple hosts at the same time
  • Analysts can collaborate and work on the same incident at the same time
  • REST API to integrate with orchestration systems to start collections.
Lite
Standard
Team
Cost Free $1,999 / Investigator Request Quote
Full Feature Breakdown
Collects volatile and file system data
Collects to USB Drive
Analyzes memory images using Volatility
Pivot through collected data to determine scope
View timeline of threats to get context
Generates HTML and CybOX reports
Collects over the network
Automatically analyzes data to identify suspicious items
Detect malware using ReversingLabs
Analyzes files using Yara rules
Hides known good items with allowlists
Flags IOC with denylists
Correlates with single user’s previous collection to determine how common item is
Groups hosts by incident for better reporting and correlation
Produces JSON report that can be imported into SIEMs
Collects from many hosts simultaneously
Queue lists of hosts for scanning
Integrates with SIEMs and orchestration tools using REST API
Stores data in a multi-user database
Correlates with all user’s previous collections to determine how common item is
Simultaneously collect and analyze multiple hosts at the same time
Correlates artifacts with past cases the team has worked
Analysts can collaborate and work on the same incident at the same time
Higher performance via PostgreSQL server
Synchronize threat intelligence lists across all clients
Headless ingest
Run as a windows service
Higher malware scanning limits (refreshed daily instead of weekly)
Free team server key