Investigation tools

In addition to all available telemetry, collect data and artifacts on endpoints to run accurate and effective investigations to qualify threats (cybercrime, advanced persistent attacks) and implement remediation measures.

Launch jobs to perform actions on one or more endpoints, and analyze the results directly from your console:

• RAM capture
• Running processes capture
• Driver information retrieval
• Detailed endpoints structure visualization
• Endpoint’s network communications exploration
• Threat persistence detection (registries, scheduled tasks, startup files, etc.)

Use your AI assistant Kio to contextualize Security Events, and to ease and speed up investigations in natural language.

Kio is based on an open-source model deployed within our secured infrastructure, ensuring full control over data.

• Ask Kio about any Security Event to get full explanations about YARA or Sigma rules behind the alert
• Find out details about PowerShell scripts detected in events
• Pivot from any Security Event and see if other endpoints are affected
• Learn the remediation steps to follow to improve overall efficiency

Preconfigure job templates by combining different tasks to speed up investigations.

Based on jobs that have already been launched 
or ad hoc jobs, they are ready to be activated on endpoints, groups of endpoints, or your entire workspace:

• Scans launch
• Data collection
• Remediation actions
• And more