Version
Annual Price
Malware Limits
Runs As
Features
Standard
$2,500 USD
1-2 hosts per week Assumes 2,500 hash lookups per host
Desktop Application
All Collection Methods
Automatic Artifact Scoring
Malware Lookup, Upload, and Sandbox
S3 Evidence Storage
Recommendation Engine
Unlimited Support
Most PopularStandard Pro
8-10 hosts per week Assumes 2,500 hash lookups per host
Desktop Application
All Standard features plus:
Processing Queue
Queue up hosts to enable processing 24×7
Team
8-10 hosts per week Assumes 2,500 hash lookups per host
Server and clients
All Standard & Standard Pro features plus:
Live Collaboration
Ability to share current and past incidents with colleagues and collaborate in real-time
Performance
Parallel processing of multiple hosts at a time
Integrations
REST API to integrate with EDR and SIEMs
Feature Overview
| Standard | Standard Pro | Team | |
|---|---|---|---|
| Network- and S3-based collections | |||
| Artifact scoring and malware scanning | |||
| Recommendation engine | |||
| Queue up and analyze multiple hosts at the same time | |||
| Collaborate and share results within team in real time | |||
| REST API, SIEM, and EDR integrations |
Feature Breakdown
| Standard | Standard Pro | Team | |
|---|---|---|---|
| Collection | |||
| Collects volatile and file system data | |||
| Collect to and from USB | |||
| Collect over the network | |||
| Collect to S3 bucket | |||
| Imports disk images | |||
| Imports KAPE output | |||
| Imports logical files | |||
| Imports memory images (uses Volatility 2) | |||
| Queue up multiple file-based collections | |||
| Queue up multiple network-based collections | |||
| Streaming ingest for EDR deployments | |||
| Triggered by SIEM or SOAR | |||
| Scoring | |||
| Uses dozens of heuristics to identify suspicious items | |||
| Detect malware using ReversingLabs | |||
| Malware scanning limits | 5000/week | 4000/day | 4000/day |
| Analyzes files using Yara rules | |||
| Hides known good items with allow lists | |||
| Flags IOCs with bad lists | |||
| Analyzes several hosts simultaneously | |||
| Synchronize threat intelligence lists across all clients | |||
| Review | |||
| Manually score an item as good or bad | |||
| Recommends additional items based on scoring | |||
| Pivot through collected data to determine scope | |||
| View timeline of threats to get context | |||
| Correlates with single user’s previous collection to determine how common item is | |||
| Groups hosts by incident for better reporting and correlation | |||
| Collaborate and share data amongst the team | |||
| Correlates with all user’s previous collections to determine how common item is | |||
| Reporting | |||
| Generates HTML, Excel, and CybOX reports | |||
| Produces JSON report that can be imported into SIEMs | |||
| Custom report branding | |||
| Infrastructure | |||
| Integrates with SIEMs and orchestration tools using REST API | |||
| Stores data in a multi-user database | |||
| Run as a windows service | |||
Cyber Triage will save you money per year by:
Reducing investigation times by hours or days each time
Providing you access to threat intelligence feeds that cost tens of thousands of dollars.
Reducing the time your senior responders need to spend with junior responders