Search with YARA
Create or import YARA rules within the AIR platform and share them between analysts. Triage tasks can be sent to an endpoint in seconds to scan both memory and file system.
Move seamlessly from forensic evidence acquisition findings to rapid Triage across your network directly from the AIR management console.
When a Triage rule match is detected on the endpoint why wait to take action?
Our proprietary IoCPack format combined with Auto Action Technology and interACT allow the triage, action taking, and remediation processes to begin automatically to prevent unnecessary delays that extend the threat window, while also removing laborious and time-consuming manual tasks.
Define the following actions from directly within your YARA rules.
Isolate the machine
Create a timeline
Dump a process
Delete a file
Run a command (interACT)