Cyber Triage User’s Guide

Cyber Triage^® is incident response software that enables IT and information security incident responders to collect, analyze, and act more quickly when a threat has been identified. With Cyber Triage^® the user can analyze a computer to determine whether or not it was compromised.

This user guide contains all information about how to install and use the Cyber Triage^® software.

If you are evaluating Cyber Triage^® for the first time, refer to the separate Evaluation Guide document for assistance on getting started as quickly as possible.

Deployment Versions

There are five versions of Cyber Triage. To make sure you get the most out of this User Manual, ensure you know which you have.

• Standard Versions: These versions are desktop applications that allow a single user to perform investigations. Refer to Standard Installation for steps on installing this version.

  • Standard Pro: This is the base version with the core features.

  • Standard Enterprise: This adds integrations to import telemetry, publish IOCs, etc.

• Team Versions: These versions use a self-hosted server and clients to allow collaboration. The user experience is the same as Standard, so most of this document applies to both Standard and Team. Refer to Team Installation and Configuration on installing this version.

  • Team: This has the core features of the application

  • Enterprise: This adds integrations and access control.

• Lite is the free version that does not have analytics. It is a separate installer and data is stored separately from the paid version.

Contents

• 1. Overview
  • 1.1. Core Concepts
  • 1.2. UI Overview
  • 1.3. Getting Data Into Cyber Triage
  • 1.4. Information Artifact Types
  • 1.5. Scores and Labels
• 2. Installation and Setup
• 3. Typical Usage
  • 3.1. Incident Management
  • 3.2. Cyber Triage Collector Tool
  • 3.3. Adding a Host
  • 3.4. Automated Analysis
  • 3.5. Assisted Examination
  • 3.6. Generating Reports
• 4. Advanced Configuration
  • 4.1. Offline Environments
  • 4.2. Configuring a Network Proxy
  • 4.3. Changing Port Number
  • 4.4. Changing How DNS Queries Are Done
  • 4.5. Changing Where Data is Stored
  • 4.6. Customizing Hayabusa Analysis
  • 4.7. Allow Collector To Initiate Ingests (Team Only)
  • 4.8. REST API Access (Team Only)
  • 4.9. Incident-Level Access Control (Team Only)
• 5. Maintenance and Troubleshooting
  • 5.1. Collector Detection by Antivirus and EDR
  • 5.2. Backup and Recovery
  • 5.3. Reducing Data Folder Size
  • 5.4. Team Security Monitoring
  • 5.5. Team Server Status
• 6. System Administration
  • 6.1. Upgrading Installations
  • 6.2. Create and Manage Team Users
  • 6.3. Application Information
  • 6.4. Configuring Cloud Storage Services
• 7. Integrations
  • 7.1. Deploy via EDR / Agents
  • 7.2. Import Telemetry
  • 7.3. SIEMs
  • 7.4. Case Management
  • 7.5. Other Forensics Tools
  • 7.6. Scripts
• 8. Support
• 9. Evaluation Guide
  • 9.1. Process
  • 9.2. Evaluation License Limitations
  • 9.3. Evaluating the Team Version
  • 9.4. Using Your Data
• 10. History
  • 10.1. Ver 3.16.0 (Jan 15, 2026)
  • 10.2. Ver 3.15.1 (Nov 18, 2025)
  • 10.3. Ver 3.15.0 (Sep 5, 2025)
  • 10.4. Ver 3.14.2 (Jun 5, 2025)
  • 10.5. Ver 3.14.1 (May 6, 2025)
  • 10.6. Ver 3.14.0 (May 5, 2025)
  • 10.7. Ver 3.13.0 (Dec 18, 2024)
  • 10.8. Ver 3.12.1 (Nov 6, 2024)
  • 10.9. Ver 3.12.0 (Sep 30, 2024)
  • 10.10. Ver 3.11.2 (Jul 31, 2024)
  • 10.11. Ver 3.11.1 (Jul 17, 2024)
  • 10.12. Ver 3.11.0 (Jun 24, 2024)
  • 10.13. Ver 3.10.0 (Apr 30, 2024)
  • 10.14. Ver 3.9.2 (Feb 8, 2024)
  • 10.15. Ver 3.9.1 (Jan 11, 2024)
  • 10.16. Ver 3.9.0 (Dec 5, 2023)
  • 10.17. Ver 3.8.0 (Aug 29, 2023)
  • 10.18. Ver 3.7.0 (Jun 30, 2023)
  • 10.19. Ver 3.6.0 (Feb 20, 2023)
  • 10.20. Ver 3.5.0 (Nov 21, 2022)
  • 10.21. Ver 3.4.0 (Sep 26, 2022)
  • 10.22. Ver 3.3.1 (July 28, 2022)
  • 10.23. Ver 3.3.0 (July 13, 2022)
  • 10.24. Ver 3.2.0 (Apr 8, 2022)
  • 10.25. Ver 3.1.1 (Mar 14, 2022)
  • 10.26. Ver 3.1.0 (Feb 10, 2022)
  • 10.27. Ver 3.0.2 (Nov 30, 2021)
  • 10.28. Ver 3.0.1 (Nov 10, 2021)
  • 10.29. Ver 3.0.0 (Sep 13, 2021)
  • 10.30. Ver 2.14.5 (Jun 4, 2021)
  • 10.31. Ver 2.14.4 (Apr 15, 2021)
  • 10.32. Ver 2.14.3 (Mar 1, 2021)
  • 10.33. Ver 2.14.2 (Jan 25, 2020)
  • 10.34. Ver 2.14.1 (Oct 28, 2020)
  • 10.35. Ver 2.14.0 (Oct 7, 2020)