Take The Tour

Cb Response

Detect Attacks. Hunt Threats. Respond Immediately.

Experience the power of the most popular, proven EDR solution on the market in this powerful product walkthrough.

Welcome to the product tour. For a more hands-on interactive experience, view this on your desktop or tablet.

Reduce alert fatigue by quickly identifying high risk events.

Unresolved Alerts

Dive into new and pending activity that's been detected by Cb Response, so you can take action.

Event Monitor

Analyze event counts against your threat feeds and watchlists over time.

Sensors

Quickly review the status of each sensor to assess health and ensure coverage.

Dwell Time

Track the average time malware threats are present across hosts.

Threat Intelligence Feeds

Cb Response records all endpoint activity and runs it against a library of threat intel feeds, providing immediate access to forensic evidence for every situation -- even if no alert is triggered.

__________________

Click the YIELD SIGN icon to get your hands dirty hunting for new threats in your enterprise.

Triage Alerts

These alerts show some unusual PowerShell activity that could indicate that an attacker is manipulating this tool.

__________________

Click the MAGNIFYING icon to execute a query against the centralized server that stores all endpoint history.

Quickly uncover suspicious and stealthy behavior, disrupt active attacks and address gaps in defenses.

Process Search

You can construct a query based on the latest threat research and your own knowledge of normal activity in your environment.

__________________

Click SEARCH to perform the query and instantly call up all recent activity associated with PowerShell.

Suspicious PowerShell

PowerShell is being initiated as a child process of Excel. Weaponizing these tools is a common attack technique used by advanced adversaries.

__________________

Click the first EXCEL PROCESS to drill in and understand the severity of what’s likely an attack on your systems.

Review months of detailed historical data for post-incident investigation.

Process Analysis

The process tree shows the full kill chain of an attack in your environment. This sequence is clearly not typical behavior.

__________________

Click the MINUS button to zoom out.

Ban Hash

It looks like the attacker gained access using a phishing campaign that exploits PowerShell to live off the land and gather environment information.

__________________

Click ACTIONS to instantly ban the hash across your environment.

Immediately isolate infected systems to prevent lateral movement and remove malicious files.

Isolate Host

Speed of resolution is critical in the SOC, and Cb Response gives you powerful tools to respond without IT involvement when necessary.

__________________

Click Isolate Host to take the endpoint off the network for investigation and remediation.

Go Live

You can perform a full forensic investigation with remote, secure access to the infected host. This saves time and resources, drastically reducing attack dwell time.

__________________

Click GO LIVE to capture forensics and remove all traces of the attacker.

Terminal

From here you can perform a memory dump, halt harmful processes that the attacker initiated and remove bad files from the system.

__________________

Click the COMMAND LINE screen to run the necessary commands and close any remaining gaps.

MemDump

You remotely captured a memory image of this device for further root cause analysis, but you never want to fall victim to the same TTPs twice.

Stop attackers from using the same technique a second time.

New Watchlist

You can use knowledge of a prior attack to construct a rule that catches any attacker who uses these same techniques in your environment.

__________________

Click CREATE WATCHLIST to build a watchlist that catches this technique every time.

Save Watchlist

With this new watchlist in place, an attacker will need to evolve their approach if they want to penetrate your environment.

__________________

Click SAVE CHANGES to finalize the watchlist and move on to the next threat.

Monitor Watchlist

Now that you’ve seen how easy it is to hunt for and respond to threats, put Cb Response to work protecting your own machines.

__________________

Click HERE to sign up for an evaluation today!


You completed the Cb Response Tour. Interested in learning more? Contact us!

HUD

The Cb Response Heads Up Display (HUD) provides you with an instant readout of your system health and SOC KPIs.

__________________

Click the ROCKET icon to dive into the threat intel feeds built into the platform.
