Rapidly Investigate Cyber Incidents
Automated Investigation Platform for SOCs, MSSPs, DFIR Teams, and Law Enforcement
Trusted by
The Automated Investigation Platform
Cyber Triage is automated DFIR software that empowers your team to quickly investigate incidents.
- Scores artifacts so you quickly focus on relevant data.
- Scans executables with 40+ malware detection engines.
- Recommends artifacts so you follow up on all leads.
- Integrates with EDRs for rapid endpoint triage after alerts.
- Deploys in environments agents can’t be used.
Find answers fast with Cyber Triage.
Attackers are Faster
Investigate faster with automation.
Median time to data exfiltration got 4.5 times faster in 2024, going from 9 days in 2023 to 2 days a year later.*
*Global Incident Response Report 2024 by Palo Alto Networks®
Cyber Triage allows IR teams to find root cause quickly.
- Faster evidence with adaptive, automated, and EDR integrated collection.
- Faster analysis with bad and suspicious items automatically flagged.
- Faster certainty with automation that makes sure no steps are missed.
Find answers fast with automation.
Investigate Beyond Your EDR
EDRs are for detection. Not investigation.
SOC managers surveyed often or always worry about persistent threats post analyst review.*
*2024 SOC managers survey via Maven for Cyber Triage
Cyber Triage allows SOC analysts to find evidence EDRs miss:
- Access data hidden by EDR evasion or past retention dates.
- Review artifacts around the alert to identify undetected activity.
- Get clues of suspicious activity the EDR didn't flag.
Cyber Triage shows you the impact of the alert.
INVESTIGATE IN MINUTES
Automation means faster decisions.
- Find
- Evidence ASAP with EDR and SOAR integrated collection.
- Relevant artifacts immediately with automated analysis.
- Every lead fast with artifact recommendation.
RESPOND WITH CONFIDENCE
Automation means comprehensive investigations.
- Comprehensive
- Collection that covers all relevant artifact + attack scenarios.
- Analysis that scours millions of records for clues.
- Automation that ensures the basics are airtight.
SCALE WITHOUT COMPROMISE
Automation means empowered teams.
- Maximize
- Productivity of understaffed teams with automated analysis.
- Impact of jr. responders with a UI built for all experience levels.
- Teamwork with shared findings and collaborative investigations.
- Flexibility with deployments on laptop, cloud, or on-prem server.
Cyber Triage in Your Workflow
Cyber Triage is simple for IR teams to deploy and use.
Agentless collection tool collects data and sends artifacts over the network, to USB, or S3.
Step01
Data artifacts are normalized into information artifacts, simplifying the investigation.
Step02
Automated analysis finds bad and suspicious items and highlights them for review.
Step03
As the responder reviews, similar items are automatically found and recommended.
Step04
Easily generate human and machine readable reports with the findings.
Step05
Easily speed up your investigations with Cyber Triage.
Cyber Triage in Your Workflow
Cyber Triage integrates directly into EDRs.
EDR generates an alert.
Step01
Launch Cyber Triage PowerShell script.
Step02
Data is collected and sent to Cyber Triage.
Step03
Cyber Triage prioritizes bad + suspicious items.
Step04
Analyst determines best response.
Step05
Turn your EDR into an end-to-end investigation platform with Cyber Triage.
How to Investigate with Cyber Triage
Learn DFIR Free with Brian Carrier
Intrusion investigations are amongst the most difficult for digital forensic investigators because there are so many types of evidence to look for. Our Divide and Conquer DFIR Process helps investigators answer these hard questions by breaking them into smaller questions.
Built by Forensics Veterans
Cyber Triage is built by Sleuth Kit Labs, a spinout of BasisTech. This is the same team responsible for 20+ years of open source tools, including Autopsy and The Sleuth Kit (TSK). Sleuth Kit Labs believes in making the jobs of those on the front lines easier by making software that is automated and easy to use. The company understands that it can’t decrease first responders’ responsibilities, but it can make digital forensics as easy and effective as possible.
Get Cyber Triage
Try Cyber Triage to see how it will make your intrusion investigations faster and more comprehensive. Fill out this form to get an installer. Get started with our scenario data (or your own).
Download your free 7-day evaluation
with scenario data