Red Canary Security Operations Center Investigation Tools
The Red Canary Security Operations team triages and investigates every potentially threatening endpoint event on your behalf.
Red Canary casts an extremely wide detection net. In order to identify the 1 out of 100 malicious uses of PowerShell, the other 99 must also be surfaced for investigation.
To handle this volume of potential threats, Red Canary has innovated and improved its internal triage and investigation process. The team has built and refined dozens of tools that help our security team expedite investigations and amplify our analysts’ expertise and intuition.
“Our hospital has seen instant benefit from Red Canary. The outsourced review, triage, and investigation of alerts cuts away the false positives and allows our information security team to focus on responding to the threats that present the most risk. I sleep more soundly knowing our environment is in good hands with Red Canary.”
Information Security Manager, Regional Hospital
The Red Canary Analysis Platform: Built for EDR Investigations
Red Canary’s Analysis Platform was custom-built based on feedback from our Threat Analysts to give them the data, context, and tools to quickly respond to potential threats on your endpoints. Analysts are presented with a clear picture of what is happening, why the detection technology believes it to be bad, other intelligence sources, and tools for deeper investigation.
Every event is enriched with the information that supports the analyst’s decision-making process. Specific examples include full details on the number of netconns, childprocs, regmods, filemods, and modloads, along with any matched YARA rules.
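To make the enrichment step concrete, here is a small added example (not Red Canary’s platform code) that takes a process event with its sub-events, tallies the counts by type named above, runs a set of named triage predicates over it, and produces the summary an analyst would see. The `ProcessEvent` structure, the rule predicates, and the sample events are constructed for this illustration; the predicates stand in for YARA matching rather than reproducing it.

```python
"""Event enrichment for EDR triage (added example, not Red Canary's own code)."""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Sub-event categories as named on the page (Carbon Black-style terminology).
SUBEVENT_TYPES = ("netconn", "childproc", "regmod", "filemod", "modload")


@dataclass
class ProcessEvent:
    """Hypothetical shape of one surfaced endpoint event (an assumption)."""
    hostname: str
    process_name: str
    cmdline: str
    signed: bool                       # did the binary carry a valid signature?
    subevents: List[Tuple[str, str]]   # (type, detail) pairs, type in SUBEVENT_TYPES


# A triage "rule" is a named predicate over the event and its sub-event counts.
# These stand in for YARA rules; they are constructed for the example.
Rule = Callable[[ProcessEvent, Counter], bool]


def rule_powershell_encoded_command(ev: ProcessEvent, counts: Counter) -> bool:
    """PowerShell launched with an encoded command: surfaced for a closer look."""
    return ev.process_name.lower() == "powershell.exe" and "-enc" in ev.cmdline.lower()


def rule_unsigned_with_network(ev: ProcessEvent, counts: Counter) -> bool:
    """Unsigned binary that also made network connections."""
    return not ev.signed and counts["netconn"] > 0


RULES: Dict[str, Rule] = {
    "powershell_encoded_command": rule_powershell_encoded_command,
    "unsigned_with_network": rule_unsigned_with_network,
}


def enrich(ev: ProcessEvent, rules: Dict[str, Rule] = RULES) -> dict:
    """Build the enrichment summary: per-type counts, matched rules, priority."""
    counts = Counter(t for t, _ in ev.subevents)
    per_type = {t: counts.get(t, 0) for t in SUBEVENT_TYPES}
    matched = [name for name, fn in rules.items() if fn(ev, counts)]
    # Every event is still reviewed; matched rules only raise the priority.
    priority = "investigate" if matched else "review"
    return {
        "hostname": ev.hostname,
        "process": ev.process_name,
        "counts": per_type,
        "matched_rules": matched,
        "priority": priority,
    }


# Constructed sample events: one that trips a rule, one routine admin script.
SAMPLE_EVENTS = [
    ProcessEvent(
        hostname="ws-01",
        process_name="powershell.exe",
        cmdline="powershell.exe -NoP -W Hidden -EncodedCommand <base64-blob-placeholder>",
        signed=True,
        subevents=[
            ("netconn", "203.0.113.10:443"),          # RFC 5737 documentation address
            ("childproc", "cmd.exe"),
            ("filemod", r"C:\Users\a\AppData\Local\Temp\x.ps1"),
            ("regmod", r"HKCU\Software\Example\Run"),  # constructed key path
        ],
    ),
    ProcessEvent(
        hostname="ws-02",
        process_name="powershell.exe",
        cmdline=r"powershell.exe -File C:\scripts\inventory.ps1",
        signed=True,
        subevents=[("modload", "System.Management.Automation.dll")],
    ),
]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(enrich(ev))
```

The point of the design is that the counts and rule matches are computed once per event and attached to it, so the analyst reads a single summary rather than re-querying the raw sub-event stream; the `priority` field keeps the "surface everything, escalate some" behaviour described on this page.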
Binary & Indicator Metadata
Metadata about binaries, including AV hits, signing data, capabilities, reputation, and static/dynamic analysis data.
Integrated Customer Feedback
Customer feedback on specific detections, users, endpoints, and tools is tightly integrated into the analysts’ heads-up display. The context analysts need from a customer’s environment is automatically presented when reviewing every threat.