New Forensic Resource

What to do after you find TeamViewer:
→ Log files to find activity details
→ Executables to find installation times
→ Domains to find download source

Learn how to corroborate timelines to investigate suspicious TeamViewer. www.cybertriage.com/blog/dfir-ne...
10mo
DFIR Next Steps: Suspicious TeamViewer Use
Welcome to the next post in our DFIR Next Steps series on Remote Monitoring & Management (RMM) tools. This series is designed to help you quickly
www.cybertriage.com
Cyber Triage
I'm doing a webinar TMRW on investigation tools for endpoint triage. Basic idea is how to get quick and accurate results after an alert. EDR data plays a role in that, but it's not enough. Endpoint Triage should be in any security team's process. attendee.gotowebinar.com/register/281...
The 3 themes we focus on for #DFIR endpoint triage. What are yours?
EDRs miss activity! 😲😱. You should not miss webinar tmrw! 😀 Markus and I will talk about why EDR alerts could be days after an attack started. We'll talk about how to do endpoint triage to see what else happened beyond the alert! Mar 27 @ 11 Eastern register.gotowebinar.com/register/916...
Feb 25, 2025
For those in the #SOC: Alert Triage vs Endpoint Triage Blog post that is part of our Endpoint Triage series. Alert triage focuses on validating and prioritizing the EDR/SIEM alert. Endpoint triage focuses on prioritizing the host. How bad is it? www.cybertriage.com/blog/alert-t...
Feb 4, 2025
Mar 26, 2025
Mar 21, 2025
New Cyber Triage release with:
* New UIs to give you an overview of the endpoint
* Hayabusa integration
* Baseline
* Public key encryption on collector
* LOTS more....

Blog and Download Link: www.cybertriage.com/blog/3-14-re...
3 places to automate #DFIR Endpoint Triage. Which do you do?
#DFIR Automation Series I use 4 levels of automation ranging from none to fully automated. I think an ideal solution is to use full automation for low risk decisions. And recommendations for higher risk. We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.