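Cyber Triage is automated digital forensics and incident response (DFIR) software designed to help security operations centers (SOCs), managed security service providers (MSSPs), consultants, and law enforcement agencies quickly investigate network intrusions. It collects host data, uses threat intelligence to analyze and score it, analyzes correlations between hosts, and, through its scoring mechanism and recommendation engine, helps security professionals quickly and thoroughly investigate incidents such as malware, ransomware, and account takeover, which speeds up investigations and keeps results consistent.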
File size: 491.3 MB
Cyber Triage’s ultimate goal is to get you the key information about an attack as quickly as possible. It does this with a workflow that spans from collection to reporting.
It uses five key phases:
Collect: Ensure data from endpoints is copied and preserved.
Ingest: Import low-level data and normalize to higher-level information artifacts.
Automated Analysis: Score artifacts using analysis pipelines to highlight evidence.
Assisted Examination: Review findings, understand the scope, and find more evidence.
Report: Generate human and machine readable reports with the findings.
When reposting, please credit: 0daytown » Cyber Triage Pro 3.15.0 x64