Team REST API

Integrate your security applications to ensure a fast response

Get Data When You Need It

Your response is fastest when your security platforms can communicate.

The Cyber Triage Server has a REST API that enables:

  • SIEMs and SOARs to start collections as soon as an alert is generated
  • XDRs and SOARs to query for collected artifacts

Initiate Collections

Quickly collect data based on an alert to:

  • Save analyst time by having the results waiting for them
  • Ensure data is preserved before the system goes offline

The Cyber Triage REST API allows an application to start collecting from a computer and specify what kinds of data to collect.

Cyber Triage has integrations with several SIEM and SOAR systems, including:

If your SOAR is not listed on our integrations page, then please contact us.

Querying Artifacts

Siloed data is inefficient, so Cyber Triage data can be integrated with a SOAR, XDR, or SIEM. This allows:

  • Incident tickets to have Cyber Triage’s top scored items
  • Threat intelligence to be updated based on Cyber Triage results

The Cyber Triage Team REST API allows applications to query for:

  • Status of collections and hosts
  • List of bad and suspicious items for each host
  • Lists of items by type, such as all startup items or scheduled tasks
  • HTML or JSON reports

Integrate with Cyber Triage Team

Use Cyber Triage Team to get the REST API and make your responses faster.
