Cyber Triage User’s Guide

Cyber Triage^® is incident response software that enables IT and information security incident responders to collect, analyze, and act more quickly when a threat has been identified. With Cyber Triage^® the user can analyze a computer to determine whether or not it was compromised.

This user guide contains all information about how to install and use the Cyber Triage^® software.

If you are evaluating Cyber Triage^® for the first time, refer to the separate Evaluation Guide document for assistance on getting started as quickly as possible.

Deployment Versions

There are four versions of Cyber Triage. To make sure you get the most out of this User Manual, ensure you know which you have.

• Standard lets you collect, analyze, and report on a small number of DFIR incidents. It runs on a desktop or laptop computer. Refer to Standard Installation for steps on installing this version.

• Standard Pro is a more scalable version of Standard and allows you to batch up data sets to add and has higher capacity limits. It runs on a desktop or laptop computer. If you have this version, you should follow the steps in this manual for Standard unless Standard Pro is called out. Refer to Standard Installation for steps on installing this version.

• Team is the enterprise version that uses a server and several clients. The user experience is the same, so most of this document applies to both Standard and Team. Refer to Team Installation and Configuration on installing this version.

• Lite is the free version that does not have analytics. It is a separate installer and data is stored separately from the paid version.

Contents

• 1. Overview
  • 1.1. Basic Workflow
  • 1.2. UI Overview
  • 1.3. Overview of Collection Methods
  • 1.4. Scores and Labels
  • 1.5. Information Artifact Types
• 2. Installation and Setup
• 3. Typical Usage
  • 3.1. Incident Management
  • 3.2. The Cyber Triage Collector Tool
  • 3.3. Adding a Host
  • 3.4. Automated Analysis
  • 3.5. Assisted Examination
  • 3.6. Generating Reports
• 4. Advanced Configuration
  • 4.1. Offline Environments
  • 4.2. Configuring a Network Proxy
  • 4.3. Changing Port Number
  • 4.4. Changing How DNS Queries Are Done
  • 4.5. Changing Where Data is Stored
  • 4.6. Customizing Hayabusa Analysis
  • 4.7. Allow Collector To Initiate Ingests (Team Only)
  • 4.8. REST API Access (Team Only)
  • 4.9. Incident-Level Access Control (Team Only)
• 5. Maintenance and Troubleshooting
  • 5.1. Collector Detection by Antivirus and EDR
  • 5.2. Backup and Recovery
  • 5.3. Reducing Data Folder Size
  • 5.4. Team Security Monitoring
  • 5.5. Team Server Status
• 6. System Administration
  • 6.1. Upgrading Installations
  • 6.2. Create and Manage Team Users
  • 6.3. Application Information
  • 6.4. Configuring Cloud Storage Services
• 7. Integrations
  • 7.1. EDRs and Other Agents
  • 7.2. SIEMs
  • 7.3. Other Forensics Tools
  • 7.4. Table of Contents
• 8. Support
• 9. History
  • 9.1. Ver 3.15.0 (Sep 5, 2025)
  • 9.2. Ver 3.14.2 (Jun 5, 2025)
  • 9.3. Ver 3.14.1 (May 6, 2025)
  • 9.4. Ver 3.14.0 (May 5, 2025)
  • 9.5. Ver 3.13.0 (Dec 18, 2024)
  • 9.6. Ver 3.12.1 (Nov 6, 2024)
  • 9.7. Ver 3.12.0 (Sep 30, 2024)
  • 9.8. Ver 3.11.2 (Jul 31, 2024)
  • 9.9. Ver 3.11.1 (Jul 17, 2024)
  • 9.10. Ver 3.11.0 (Jun 24, 2024)
  • 9.11. Ver 3.10.0 (Apr 30, 2024)
  • 9.12. Ver 3.9.2 (Feb 8, 2024)
  • 9.13. Ver 3.9.1 (Jan 11, 2024)
  • 9.14. Ver 3.9.0 (Dec 5, 2023)
  • 9.15. Ver 3.8.0 (Aug 29, 2023)
  • 9.16. Ver 3.7.0 (Jun 30, 2023)
  • 9.17. Ver 3.6.0 (Feb 20, 2023)
  • 9.18. Ver 3.5.0 (Nov 21, 2022)
  • 9.19. Ver 3.4.0 (Sep 26, 2022)
  • 9.20. Ver 3.3.1 (July 28, 2022)
  • 9.21. Ver 3.3.0 (July 13, 2022)
  • 9.22. Ver 3.2.0 (Apr 8, 2022)
  • 9.23. Ver 3.1.1 (Mar 14, 2022)
  • 9.24. Ver 3.1.0 (Feb 10, 2022)
  • 9.25. Ver 3.0.2 (Nov 30, 2021)
  • 9.26. Ver 3.0.1 (Nov 10, 2021)
  • 9.27. Ver 3.0.0 (Sep 13, 2021)
  • 9.28. Ver 2.14.5 (Jun 4, 2021)
  • 9.29. Ver 2.14.4 (Apr 15, 2021)
  • 9.30. Ver 2.14.3 (Mar 1, 2021)
  • 9.31. Ver 2.14.2 (Jan 25, 2020)
  • 9.32. Ver 2.14.1 (Oct 28, 2020)
  • 9.33. Ver 2.14.0 (Oct 7, 2020)