Red Canary Investigation Tools
The Red Canary Cyber Incident Response Team (CIRT) investigates and triages every potentially threatening endpoint event on your behalf.
Red Canary casts an extremely wide detection net. In order to identify the 1 out of 100 malicious uses of PowerShell, the other 99 must also be surfaced for investigation.
To handle this volume of potential threats, Red Canary has innovated and improved its internal triage and investigation process. The team has built and refined dozens of tools that help our Detection Engineering team expedite investigations and amplify our analysts’ expertise and intuition.
“Our hospital has seen instant benefit from Red Canary. The outsourced review, triage, and investigation of alerts cuts away the false positives and allows our information security team to focus on responding to the threats that present the most risk. I sleep more soundly knowing our environment is in good hands with Red Canary.”
Information Security Manager, Regional Hospital
The Red Canary Operations Platform: Built for EDR Investigations
Red Canary’s Operations Platform was custom-built based on the feedback from our Cyber Incident Response Team (CIRT) to give them the data, context, and tools to quickly respond to potential threats on your endpoints. Detection Engineers are presented with a clear picture of what is happening, why the detection technology believes it to be bad, other intelligence sources, and tools for deeper investigation.
Every event is enriched with the information that supports the Red Canary Detection Engineer’s decision-making process. Specific examples include full details on the number of netconns, childprocs, regmods, filemods and modloads, and matched YARA rules.
Binary & Indicator Metadata
The event includes metadata about binaries, including AV hits, signing data, capabilities, reputation, and static/dynamic analysis data.
Integrated Customer Feedback
Customer feedback on specific detections, users, endpoints, and tools is tightly integrated into the detection engineer’s heads-up display. Individualized context from each respective customer environment is automatically presented when reviewing every threat.