Forensic Puller

Forensic Puller enriches MazeRunner alerts by pulling forensic information from the endpoint that triggered the alert. When a machine in your environment acts suspiciously (e.g., it has attempted to connect to a decoy), MazeRunner can immediately collect forensic data from that machine. Pulling forensic data based on automatic triggers means the data is fresh from the time of the attack, while the attacker is almost always still on the affected endpoint. We can then identify which process opened the connection to a decoy and the specific attack tool used to launch the attack, providing a more complete forensic picture.
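As an added example (not MazeRunner's own code), the following Python shows the core correlation step the paragraph describes: given a decoy-connection alert, find the socket on the endpoint that opened it and attach the owning process, its command line and its parent chain to the alert. The endpoint snapshot below is constructed inline so the script runs offline; in a real collector it would come from something like `psutil.net_connections()` and `psutil.Process()` on the triggering host (an assumption, not a description of how the product gathers it). It also handles the two failure modes a responder meets most often: the socket has already closed, or the socket is still visible but its process has exited.

```python
"""Correlate a decoy-connection alert with the endpoint process that opened the socket.

Added example with a constructed endpoint snapshot; not code from the original page.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]


@dataclass(frozen=True)
class Conn:
    laddr: Addr          # local (endpoint) ip, port
    raddr: Addr          # remote (decoy) ip, port
    pid: Optional[int]   # None when the kernel no longer maps the socket to a process
    status: str


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    exe: str
    cmdline: Tuple[str, ...]
    user: str


@dataclass(frozen=True)
class Alert:
    endpoint_ip: str
    endpoint_port: Optional[int]   # None if the decoy only logged the source IP
    decoy_ip: str
    decoy_port: int


# Constructed snapshot of the endpoint at alert time (assumption: a collector on the
# host would produce these from psutil.net_connections(kind="inet") and psutil.Process).
SNAPSHOT_CONNS: List[Conn] = [
    Conn(("10.0.5.23", 49812), ("10.0.9.40", 445), 4120, "ESTABLISHED"),
    Conn(("10.0.5.23", 49813), ("10.0.9.40", 3389), None, "TIME_WAIT"),
    Conn(("10.0.5.23", 49700), ("10.0.1.10", 443), 1304, "ESTABLISHED"),
]
SNAPSHOT_PROCS: Dict[int, Proc] = {
    4120: Proc(4120, 2860, "suspicious_tool.exe",
               "C:\\Users\\jdoe\\AppData\\Local\\Temp\\suspicious_tool.exe",
               ("suspicious_tool.exe", "-t", "10.0.9.0/24"), "CORP\\jdoe"),
    2860: Proc(2860, 900, "powershell.exe",
               "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
               ("powershell.exe", "-nop", "-w", "hidden"), "CORP\\jdoe"),
    900: Proc(900, 4, "explorer.exe", "C:\\Windows\\explorer.exe",
              ("explorer.exe",), "CORP\\jdoe"),
    1304: Proc(1304, 900, "outlook.exe",
               "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
               ("OUTLOOK.EXE",), "CORP\\jdoe"),
}


def parent_chain(pid: int, procs: Dict[int, Proc], limit: int = 8) -> List[str]:
    """Walk ppid links upward; bounded and cycle-safe because a snapshot can be stale."""
    chain: List[str] = []
    seen = set()
    cur = procs.get(pid)
    while cur is not None and cur.ppid not in seen and len(chain) < limit:
        seen.add(cur.pid)
        parent = procs.get(cur.ppid)
        if parent is None:           # parent already gone or outside the snapshot
            break
        chain.append(f"{parent.name}({parent.pid})")
        cur = parent
    return chain


def enrich_alert(alert: Alert, conns: List[Conn], procs: Dict[int, Proc]) -> dict:
    """Return a forensic enrichment record for the alert, or an explicit miss reason."""
    decoy = (alert.decoy_ip, alert.decoy_port)

    def is_match(c: Conn) -> bool:
        if c.raddr != decoy or c.laddr[0] != alert.endpoint_ip:
            return False
        return alert.endpoint_port is None or c.laddr[1] == alert.endpoint_port

    match = next((c for c in conns if is_match(c)), None)
    if match is None:
        # Socket already torn down: the process must be found by time window instead
        return {"status": "socket_not_found"}
    if match.pid is None or match.pid not in procs:
        # Socket lingering (e.g. TIME_WAIT) but the process has exited
        return {"status": "process_exited", "socket_state": match.status}

    p = procs[match.pid]
    return {
        "status": "matched",
        "socket_state": match.status,
        "pid": p.pid,
        "name": p.name,
        "exe": p.exe,
        "cmdline": " ".join(p.cmdline),
        "user": p.user,
        "parent_chain": parent_chain(p.pid, procs),
    }


if __name__ == "__main__":
    demo = Alert("10.0.5.23", 49812, "10.0.9.40", 445)
    print(enrich_alert(demo, SNAPSHOT_CONNS, SNAPSHOT_PROCS))
```

The enrichment record is what an analyst needs to judge the alert in one glance: a binary running from a user's Temp directory, launched by a hidden PowerShell under explorer.exe, is a very different picture from outlook.exe talking to a file share. The explicit `socket_not_found` and `process_exited` outcomes matter because socket-to-process evidence is volatile, which is the reason the paragraph stresses pulling it on the trigger rather than later.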
