Get Data When You Need It
Your response is fastest when your security platforms can communicate.
The Cyber Triage Server has a REST API that enables:
Initiate Collections
Quickly collect data based on an alert to:
- Save analyst time by having the results waiting for them
- Ensure data is preserved before the system goes offline
The Cyber Triage REST API allows an application to start collecting from a computer and specify what kinds of data to collect.
Cyber Triage has integrations with several SIEM and SOAR systems, including:
If your SOAR is not listed on our integrations page, then please contact us.
Querying Artifacts
Siloed data is inefficient. Cyber Triage data can be integrated with a SOAR, XDR, or SIEM, which allows:
- Incident tickets to have Cyber Triage’s top scored items
- Threat intelligence to be updated based on Cyber Triage results
The Cyber Triage Team REST API allows applications to query for:
- Status of collections and hosts
- List of bad and suspicious items for each host
- Lists of items by type, such as all startup items or scheduled tasks
- HTML or JSON reports
Integrate with Cyber Triage Team
Use Cyber Triage Team to get the REST API and make your responses faster.