Digital Forensics and Incident Response (DFIR)

Note

To use these features, you can add the DFIR package to your instance of the Cybereason platform for an additional cost. Contact your Customer Success representative to request access to this package.

The Cybereason Digital Forensics and Incident Response (DFIR) package provides a collection of features for use in advanced response and forensics procedures. These features enable you to reduce the time required to plan an initial incident response by obtaining files and memory from machines, run advanced searches for ever-changing malware by creating or using community YARA rules, and take response actions beyond the Cybereason UI to investigate systems at scale.

For details on supported platforms, see Endpoint machine prevention features.

DFIR features include:

• File Search to locate a specific file name on any machine across your environment

• The ability to browse the file system on a machine

• The use of YARA rules as part of file search operations

• Deployment and execution of IR tools through the Cybereason platform

Watch this video to see an overview of the Cybereason DFIR features:

In this section:

• Search for Files on Machines
• Search for Files of Interest - Tutorial
• Browse Files on Machines
• Manage Incident Response and Forensic Data Ingestion Tools with the Platform
• Manage Incident Response Tools with the API
• Manage Forensic Data Ingestion Tools with the API