Cyber Triage

by Basis Technology · Since 2016
No reviews yet
Active · Available globally · Cloud

Quick facts
  • Vendor: Basis Technology
  • Year launched: 2016
  • Status: Active
  • Location: 1070 Broadway, Somerville, MA 02144-2078
  • Countries served: Global
  • Languages: 6
  • Integrations: N/A
  • Free tier: N/A
  • Free trial: Yes
  • Contact sales: Yes

About Cyber Triage

Cyber Triage is an automated Digital Forensics and Incident Response (DFIR) software from Basis Technology designed for cybersecurity professionals. It provides workflow automation, incident investigation capabilities, and real-time analysis to help quickly address cyber incidents. This platform supports rapid investigation processes, allowing teams to respond effectively to security threats. Cyber Triage enables users to investigate beyond traditional Endpoint Detection and Response (EDR) solutions, integrating smoothly into existing workflows while prioritizing user needs.

Key capabilities:
  • Workflow automation
  • Incident analysis
  • Real-time reporting
  • Integration with EDR
  • Team collaboration

Best for: cybersecurity professionals who need to investigate and respond to cyber incidents efficiently.

Cyber Triage by Basis Technology is a digital forensics and incident response (DFIR) tool designed to streamline and automate the process of investigating compromised endpoints. Tailored for Security Operations Centers (SOCs), Managed Security Service Providers (MSSPs), consultants, and law enforcement, Cyber Triage assists analysts in gathering, analyzing, and acting on incident data efficiently. Its primary focus is to reduce the time and complexity required to determine the scope and severity of cyber incidents. The software automates much of the initial triage process by collecting endpoint data remotely and assigning risk scores to artifacts, allowing investigators to prioritize their focus. Key features include malware detection, lateral movement tracking, and evidence correlation from multiple endpoints. The user interface of Cyber Triage is built with simplicity and usability in mind. The dashboard offers a clean, organized view of collected data, presenting artifacts in a structured format that helps even moderately experienced analysts make sense of complex incidents.

Pros & Cons

Pros
  • Fast & Automated: Automates host-based data collection and analysis for quick investigations.
  • Beyond EDR: Finds evidence EDRs miss (hidden, aged, unflagged).
  • Intelligent Guidance: Scores artifacts and recommends next steps for efficient investigation.
  • Agentless Flexibility: Deploys easily in various environments, even sensitive ones.
  • Comprehensive: Collects many artifact types and uses 40+ malware engines.
Cons
  • Host-Centric: Primarily focuses on endpoint data, might need other tools for network or cloud.
  • Learning Curve: While designed for ease, deep forensics still requires some skill.
  • No Prevention: Purely an investigation tool, not for preventing attacks.

Features

Key features

Automated Host-Based Investigation

Provides an automated platform to collect, analyze, and score host-based forensic data, streamlining the investigation process for faster incident response.

Beyond EDR Capabilities

Designed to find evidence that EDRs might miss: data hidden by evasion techniques or already past the EDR's retention window, artifacts surrounding an alert that point to undetected activity, and suspicious activity the EDR never flagged.

Intelligent Scoring & Prioritization

Uniquely scores artifacts based on their relevance and suspiciousness, allowing analysts to quickly focus on the most critical data and effectively prioritize leads.

Comprehensive Data Collection

Collects dozens of artifact types based on numerous attack scenarios (e.g., persistence, execution, data access), ensuring a broad collection of evidence to fully understand the scope of an attack.

Advanced Malware Detection

Scans executables with 40+ malware detection engines, providing robust capabilities to identify malicious files.

Recommendation Engine

Guides investigators by recommending artifacts to follow up on, ensuring all leads are explored for a complete investigation.

Flexible Agentless Deployment

Offers an agentless collection tool that can be deployed in environments where agents cannot be used (e.g., older systems, isolated networks), sending artifacts over the network, to USB, or S3.

Built by Forensics Veterans

Developed by Sleuth Kit Labs, the team behind well-known open-source forensic tools like Autopsy and The Sleuth Kit (TSK), bringing deep expertise to the product.

Additional features

Agentless Data Collection

Utilizes a small, self-contained, agentless tool to collect dozens of artifact types (e.g., persistence, execution, data access) from endpoints without requiring permanent installation, supporting flexible transfer options (network, USB, S3).

Automated Artifact Scoring & Prioritization

Automatically scores collected artifacts based on suspiciousness and relevance using threat intelligence, enabling investigators to quickly focus on the most critical data and effectively prioritize leads.

Beyond EDR Visibility

Designed to uncover evidence that traditional EDRs might miss, including data hidden by evasion techniques or past retention dates, and identifies suspicious activity not flagged by EDRs, providing deeper insights.

Advanced Malware Detection

Integrates with and scans executables using 40+ malware detection engines for comprehensive and robust identification of malicious files.

Intelligent Recommendation Engine

Guides investigators by explicitly recommending artifacts to follow up on, ensuring all potential leads are explored for a more thorough and complete investigation.

Flexible Deployment Options

Can be deployed and run in various scenarios, including on a laptop (for field use), in the cloud, or on an on-premise server, adapting to different operational environments and security needs.

Host-Based Analysis & Correlation

Focuses on analyzing data directly from compromised hosts, correlating findings between different machines involved in an incident to understand the broader attack scope.

Integration with Existing Security Tools

Seamlessly integrates with existing EDR and SOAR platforms to initiate rapid data collections and streamline incident response workflows for faster mean time to respond (MTTR).

Memory Acquisition Capability

Supports the acquisition and analysis of volatile memory data, often in conjunction with tools like Velociraptor, to capture transient evidence.

User-Friendly Design

Built by experienced forensics veterans (Sleuth Kit Labs, creators of Autopsy), it's designed for ease of use and minimal training, making complex digital forensics accessible to a wider range of first responders.

Forensic Reporting

Provides the necessary data and insights for comprehensive forensic reporting, helping to answer key investigative questions like "What did the attacker do?" or "How did they get in?".

Minimize Attack Damage

Expedites investigations to collect crucial evidence before it's overwritten or lost, thereby helping to minimize the overall damage from a cyber attack.

Pricing

  • Free trial
  • Free version
  • Request a quote
  • Promo offer

Countries & Languages

  • Countries served: Global
  • Interface languages: 6
  • Billing currencies: 8

Interface languages

English, Spanish, French, German, Italian, Portuguese

Billing currencies

USD, EUR, GBP, AUD, CAD, JPY, CHF, CNY

Alternatives to Cyber Triage

EnCase Forensic

EnCase Forensic is a digital forensic software from Opentext that enables investigators to gather digital…

FARO Zone 3D (FARO.com)

FARO Zone 3D is a forensic visualization software from FARO that supports the analysis, reconstruction,…

Autopsy

Autopsy is a digital forensics software from Sleuth Kit Labs that provides a comprehensive open-source…

SceneWorks

SceneWorks is a software platform from SpheronVR that focuses on creating immersive virtual reality experiences.…

Phonexia Orbis Investigator

Phonexia Orbis Investigator is a forensic audio analysis software from Phonexia that provides tools for…

Forensic Explorer

Forensic Explorer is a forensic analysis software from GetData Forensics that focuses on analyzing computer…
