AIR is an “Automated Incident Response” platform that provides the most complete feature set for:
• Remotely collecting 150+ evidence types in minutes,
• Capturing the “Forensic State” of an endpoint as a well-organized HTML/JSON report,
• Performing triage on thousands of endpoints using YARA,
• Integrating with SIEM/SOAR/EDR products for automating the response phase of IR,
• Enriching alerts for eliminating false positives,
• Investigating precursors generated by other security products.
TACTICAL is an all-in-one evidence collector that makes it possible to acquire digital evidence and application artifacts from a live system in the blink of an eye. No need to lose precious time looking for the needle in the proverbial haystack anymore. TACTICAL minimizes incident response time to minutes and increases effectiveness. It meets the needs of cyber security and digital forensics at the same time. Imagine easy-to-use IR software that collects and presents all critical data for you. That’s TACTICAL and that’s all you need for the fastest IR ever.
DRONE is an automated compromise assessment solution for quickly investigating an endpoint. It contains IREC engine capabilities, so with DRONE you can collect 150+ types of digital evidence and start analyzing the collected evidence with internal out-of-the-box analyzers.
DRONE greatly speeds up investigation by providing automated findings to the analysts. In this way, analysts do not spend time looking for what is different, strange, or unexpected in a case, since they are automatically provided with all the findings. It works by tagging findings using 2 different scan categories:
• Score (low, medium, high; these scores are created by the analysis pipelines)
• Verdict (dangerous, matched, suspicious, relevant, rare)