During the course of a typical day, your team might have to review dozens or hundreds of security alerts, hopefully only a fraction of which will turn out to be real incidents. As you begin your response to these alerts, rather than simply trusting the alert as accurate and remediating, or pulling a full disk image from each potentially infected endpoint and doing a deep-dive investigation, you can do something in between: a triage collection.
In a triage collection, you grab a targeted subset of files that can help you complete a rapid preliminary “triage” investigation. By starting out with a smaller, targeted collection, you can complete that initial investigation more quickly, which is important if you need to scale up your response efforts. In many cases, you can get a fairly complete story about what happened on an endpoint just by looking at a few key artifacts. This webinar covers four categories of data in a triage collection: volatile, Windows and file system, persistence mechanisms, and application-specific information. We walk through, at a high level, why the artifacts in each of these categories are valuable and how you can use them in a variety of investigation types.