There are several ways to use MazeRunner in incident response. Below are a few examples from our customers:
- “Wake the dragon” – MazeRunner is deployed alongside incident response, and new, interesting assets can cause attackers to reveal themselves by attacking deception elements deployed by MazeRunner
- Post-remediation assurance – MazeRunner provides assets for attackers to target based on their previous activity during an incident, ensuring the network is indeed clean
- Detecting an attacker’s return – MazeRunner monitors for an attacker’s return to the network by placing deception elements relevant to the attacker’s previous activities in the environment
- Enhance existing IR processes with more data – MazeRunner provides high-fidelity intelligence, including commands run by attackers, malware installed, memory dumps, and network traffic, to enhance existing incident response processes. MazeRunner integrates with existing incident response systems, sending all alert information to your SIEM or other threat intelligence system using syslog, CEF, STIX, TAXII, or custom-built outputs through the MazeRunner API.