Search with YARA
Create or import YARA rules within the AIR platform and share them between analysts. Triage tasks can be sent to an endpoint in seconds to scan both memory and file system.
Move seamlessly from forensic evidence acquisition findings to rapid Triage across your network directly from the AIR management console.
AIR’s YARA rule builder and validation features make YARA rule creation and management efficient and error-free.
From the AIR management console, Triage can be performed remotely and at scale across multiple endpoints concurrently.
For complex triage on high-availability machines, or where corporate policy dictates, AIR allows you to limit the amount of CPU the scan may use.
When a Triage rule match is detected on the endpoint, why wait to take action?
Our proprietary IoCPack format, combined with Auto Action Technology and interACT, allows triage, response actions and remediation to begin automatically. This avoids unnecessary delays that extend the threat window and removes laborious, time-consuming manual tasks.
Define the following actions directly within your YARA rules:
Isolate the machine
Acquire evidence
Create a timeline
Dump a process
Delete a file
Run a command (interACT)
Reboot
Shut down