Products
Enhance your intel, Enrich your logs, Empower your SOC
EchoTrail Insights
A searchable database of process execution profiles captured from millions of process executions observed by our sensors in the wild.
Learn moreEchoTrail Scoring
A Statistical model for calculating a risk score of processes executing in your environment compared against our global database.
Learn moreEchoTrail Forwarder
A log forwarder that compresses normal process execution behavior and enhances anomalous behavior prior to SIEM ingestion.
Learn moreEchoTrail Insights
Accelerate your analysts, threat hunters, and incident response teams with our extensive endpoint analytics search tool. Get process descriptions, behavioral analytics, security intel and more.
Resolve Alerts With Confidence
An optimized workflow
EchoTrail Insights is a comprehensive database of process execution behavior. By understanding how processes typically behave, you can quickly identify when anomalous behavior occurs.
Insights helps analysts and threat hunters answer questions like
- What is this process?
- Identify who wrote it and what it normally does.
- How common is this process?
- Reveal how often it runs and how common it is across a variety of endpoints.
- How does this process typically behave?
- Understand common hashes, paths and ancestry - such as parent, grandparent and child processes.
- How can malicious actors use this process?
- Uncover Security Intelligence and learn more about how each process can be exploited by threat actors
Integrate EchoTrail Insights with your SOAR/SIEM for automatic enrichment using our API
EchoTrail Scoring
Compare your behavioral data to the EchoTrail global statistical model. Arm your SOC with real time indicators of unusual behavior, and eliminate the noise of predictable behavior.
Learn how processes typically execute in YOUR environment.
Score complete process executions
Hunt on unusual behaviors
- Score against our global database
- Manually input a process for immediate feedback to determine if it’s worth investigating.
- Integrate Automatically
- Use the scoring API to enrich logs directly inside your SOAR/SIEM.
- Profile your environment
- EchoTrail creates a custom statistical model to better understand how processes run in your environment.
- Confidently Resolve Alerts
- High scores to allow analysts to resolve alerts with accuracy.
- Identify unusual behaviors
- Low scores are used by Threat Hunters and Incident Response Teams to indicate abnormal execution profiles.
The Smart Forwarder
Combine the power of EchoTrail Insights and EchoTrail Scoring with our intelligent log forwarder. The EchoTrail Forwarder automatically reduces common logs with high scores and enhances anomalous logs with low scores directly to a SOAR/SIEM.
Reduce the noise and enhance the anomalous activity
Reduce and roll up common executions
Automatically Enhance Logs
- Endpoint Profiles
- Every endpoint develops its own process execution statistical model.
- Compress Normal Behavior
- High score process executions are compressed and rolled up (reducing SOAR/SIEM ingestion).
- Trigger Alerts
- Anomalous behavior is enhanced to trigger analysts and threat hunters.
- Retain Originals
- Original Logs are retained in S3 (or other inexpensive storage) for compliance.
- Customize Thresholds
- Tune the levels at which you reduce and enhance.
