7. Integrations

Cyber Triage can integrate with several platforms. This page provides links to the instructions for using them.

7.1. Deploy via EDR / Agents

You can use EDRs and other agent-based systems to deploy the Cyber Triage Collector. Our Collector is very easy to deploy. It’s a single Windows executable.

The agents from an EDR or other tool (such as Velociraptor) can be used to copy the Collector to the endpoint and to launch it.

• 7.1.1. Configure the Collector Deployer Powershell Script
• 7.1.2. Crowd Strike-based Collections
• 7.1.3. Lima Charlie-based Collections
• 7.1.4. SentinelOne-based Collections
• 7.1.5. Velociraptor-based Collections
• 7.1.6. Windows Defender-based Collections

7.2. Import Telemetry

You can import telemetry data from EDRs. This feature requires a special license.

• 7.2.1. Microsoft Defender Integration

7.3. GenAI Clients

GenAI clients can connect using a STDIO MCP server.

• 7.3.1. Claude Desktop, Code, and other MCP Clients

7.4. SIEMs

Cyber Triage can export data that can be imported into Splunk (see All Items JSON Report).

7.5. Case Management

The results from an investigation can be pushed back into case management software:

• 7.5.1. IRIS Integration

7.6. Other Forensics Tools

The output of Cyber Triage can be imported into other tools, such as:

• Timesketch (All Items in JSON Line (Timesketch) Report)

• Autopsy (Autopsy Integration)

7.7. Scripts

You can invoke Cyber Triage from your own scripts using its command line interface.

• 7.7.1. Launch Cyber Triage via Command Line