Prioritize hosts during incident response with Cyber Triage 1.3
Automated data collection and analysis undoubtedly make the first response to a cyber security incident faster and easier. They enable responders to scan for evidence on many nodes in quick succession. However, all this data can make prioritization difficult. As a first responder, you may get a sense of where to start, but without integrated and correlated results you lack signal among the noise.
As we blogged at the Cyber Triage site, you need a way to identify what’s normal on your own or a client’s network, to account for newly discovered indicators on previously scanned hosts, and to be able to compare hosts on a network. As of Cyber Triage 1.3, you can:
- Prioritize sessions in the incident, and see where else threats exist across the entire incident, via a new dashboard and incident-level grouping feature. Add a session (host) to a grouping, and apply black- and whitelisting to that grouping, not just globally.
- Use blacklisting to customize the files that Cyber Triage searches for, beyond the list that the software ships with. Specify file names, paths, or hashes that you want to alert on. This feature introduces the process of integrating threat intelligence feeds.
Near-future versions of Cyber Triage will enhance and expand upon these new features by developing the blacklisting feature into full threat intelligence integration, and enriching the dashboard with additional data and reporting features.
Cyber Triage thus promotes excellent endpoint visibility and situational awareness during an incident without the need for cumbersome persistent agents. The prioritization available in v1.3 enhances these benefits, making for faster and simpler response. Visit cybertriage.com to learn more and to schedule your demo today.