Products
Enhance your intel, Enrich your logs, Empower your SOC
EchoTrail Insights
A searchable database of process execution profiles captured from millions of process executions observed by our sensors in the wild.
Learn moreEchoTrail Scoring
A Statistical model for calculating a risk score of processes executing in your environment compared against our global database.
Learn moreEchoTrail Detect
EchoTrail Detect helps security teams manage detection content in a more efficient way, bringing engineering principles to security.
Learn moreEchoTrail Insights
Accelerate your analysts, threat hunters, and incident response teams with our extensive endpoint analytics search tool. Get process descriptions, behavioral analytics, security intel and more.
Resolve Alerts With Confidence
An optimized workflow
EchoTrail Insights is a comprehensive database of process execution behavior. By understanding how processes typically behave, you can quickly identify when anomalous behavior occurs.
Insights helps analysts and threat hunters answer questions like
- What is this process?
- Identify who wrote it and what it normally does.
- How common is this process?
- Reveal how often it runs and how common it is across a variety of endpoints.
- How does this process typically behave?
- Understand common hashes, paths and ancestry - such as parent, grandparent and child processes.
- How can malicious actors use this process?
- Uncover Security Intelligence and learn more about how each process can be exploited by threat actors
Integrate EchoTrail Insights with your SOAR/SIEM for automatic enrichment using our API
EchoTrail Insights Pro
EchoTrail Scoring
Compare your behavioral data to the EchoTrail global statistical model. Arm your SOC with real time indicators of unusual behavior, and eliminate the noise of predictable behavior.
Enter information about a process execution and get an anomaly score on the likelihood of it occurring, where 0 is very rare and 100 is exceedingly common.
Learn how processes typically execute in YOUR environment.
Score complete process executions
Hunt on unusual behaviors
- Score against our global database
- Manually input a process for immediate feedback to determine if it’s worth investigating.
- Integrate Automatically
- Use the scoring API to enrich logs directly inside your SOAR/SIEM.
- Profile your environment
- EchoTrail creates a custom statistical model to better understand how processes run in your environment.
- Confidently Resolve Alerts
- High scores are used by analysts to resolve alerts with accuracy.
- Identify unusual behaviors
- Low scores are used by Threat Hunters and Incident Response Teams to indicate abnormal execution profiles.
EchoTrail Detect
EchoTrail Detect helps security teams manage detection content in a more efficient and effective way, bringing engineering principles to security.
Learn MoreManage all of your detection and rule content from one place
Manage and Deploy Detection Content with Ease
Our detection mangement system allows you to manage all of your detection content from one place. With built-in integrations to your SIEM, you can write, tune and deploy your detection content with ease.
- Centralized
- Centralized Management of all Detection Content
- Coverage Mapping
- MITRE Att&ck Mapping.
- SIEM Integrations
- SIEM Integrations out of the box.
- CI/CD Pipelines
- Deploy versioned detection content to your SIEM with ease.
- Rule Performance Analytics
- Track rule performance at the version level over time.
