Skip to the main content.
TRY NOW
TRY NOW

Triage

 

Trusted by Organizations Worldwide
logo-customers-garmin logo-customers-thy logo-customers-ey logo-customers-deloitte logo-customers-turkcell logo-customers-integrity360 digifors-1 quourum-cyber white_complete

Remote Triage at Scale

Move seamlessly from forensic evidence acquisition findings to rapid Triage across your network directly from the AIR management console.

screenshot-triagerule-tl-1

Search with YARA

Create or import YARA rules within the AIR platform and share them between analysts. Triage tasks can be sent to an endpoint in seconds to scan both memory and file system.

Rule Builder & Validator

AIR’s YARA rule builder and validation features make YARA rule creation and management efficient and error-free.

Fast, Concurrent Scanning

From the AIR management console Triage can be performed remotely and at scale across multiple endpoints concurrently.

CPU Usage Limitation

For complex triage on high availability machines, or where the corporate policies dictate, AIR allows you to limit the amount of CPU usage.

Move seamlessly from forensic evidence acquisition findings to rapid Triage across your network directly from the AIR management console. See details

Streamline with Auto Actions

When a Triage rule match is detected on the endpoint why wait to take action?

Our proprietary IoCPack format combined with Auto Action Technology and interACT allow the triage, action taking, and remediation processes to begin automatically to prevent unnecessary delays that extend the threat window, while also removing laborious and time-consuming manual tasks.

Define the following actions from directly within your YARA rules.

  • Isolate the machine

  • Acquire evidence

  • Create a timeline

  • Dump a process

  • Delete a file

  • Run a command (interACT)

  • Reboot

  • Shut down

 


Ready to try AIR?

It only takes 2 minutes.

TRY NOW