18. Integrations

Cyber Triage can integrate with several platforms. This page provides links to the instructions for using them.

18.1. EDRs and Other Agents

You can use EDRs and other agent-based systems to deploy the Cyber Triage Collector. Our Collector is very easy to deploy. It’s a single Windows executable.

The agents from an EDR or other tool (such as Velociraptor) can be used to copy the Collector to the endpoint and to launch it.

• Configure the Collector Deployer Powershell Script

• Collect with Windows Defender for Endpoints

• Collect with SentinelOne Singularity

• Collect with Crowd Strike Real Time Response

18.2. SIEMs

Cyber Triage can export data that can be imported into Splunk (see All Items JSON Report).

18.3. Other Forensics Tools

The output of Cyber Triage can be imported into other tools, such as:

• Autopsy (Open a Cyber Triage Incident in Autopsy)

• Timesketch (All Items in JSON Line (Timesketch) Report)

18.4. Table of Contents

• 18.4.1. Configure the Collector Deployer Powershell Script
• 18.4.2. Collect with SentinelOne Singularity
• 18.4.3. Collect with Windows Defender for Endpoints
• 18.4.4. Collect with Crowd Strike Real Time Response
• 18.4.5. Autopsy Integration
• 18.4.6. Launch Cyber Triage via Command Line