Developers: BI.ZONE (Safe Information Zone, Bison)
Last Release Date: 2024/11/08
Branches: Information security
Technology: Security Information and Event Management (SIEM)
Main article: Security Information and Event Management (SIEM)
2024: Availability on macOS
The free BI.ZONE Triage utility is now available on macOS. BI.Zone announced this on November 8, 2024.
Among the key functions of the utility are collecting data for host analysis, checking hosts using YARA rules, and searching for specified compromise indicators. BI.ZONE Triage for macOS does not require installation and is available on GitHub.
The macOS build has the same capabilities as the existing version and can be used to investigate incidents and search for traces of compromise. With BI.ZONE Triage for macOS, users can examine their own infrastructure and look for signs of compromise in the collected data, as well as scan specified directories with YARA rules.
BI.ZONE Triage for macOS is a single binary that bundles a lightweight BI.ZONE EDR agent for macOS. The utility ships with a pre-prepared set of configuration files describing profiles for collecting the information needed to investigate incidents. System inventory functions are limited, and central management is disabled entirely.
To run the utility, the user selects via command-line options which datasets to collect and how the data should be output; parameters for YARA scanning of the host can be set in the same way. The lightweight BI.ZONE EDR for macOS is then unpacked and launched with the configuration files that correspond to the chosen collection and scanning parameters.
BI.ZONE Triage does not collect the raw output of operating system commands; it collects enriched inventory data from its own collection modules and converts it to JSON. The results can be written to the console or to a file, or sent to a security event management system (SIEM); for the latter, the destination IP address and port are given as command-line parameters.
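The two steps the page describes after collection, searching the JSON host data for specified indicators of compromise and shipping the results to a SIEM at a given IP address and port, are illustrated below in an added example. This is not BI.ZONE's code: the record schema (`type`, `path`, `sha256`, `domain`), the indicator values and the newline-delimited-JSON-over-TCP transport are all assumptions made for the example, and the sample records are constructed.

```python
import json
import socket
import threading
from typing import Dict, Iterable, List, Set

# Constructed sample of collected host data in a hypothetical schema.  BI.ZONE Triage
# emits JSON, but its real field names are not shown on the page, so these records
# are an assumption used only to illustrate the indicator-matching step.
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"type": "file", "path": "/Library/LaunchDaemons/com.apple.softwareupdated.plist",
     "sha256": "1f2e3d4c5b6a79880c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f60718293a4b5c6d7"},
    {"type": "file", "path": "/Users/alice/Library/LaunchAgents/com.update.helper.plist",
     "sha256": "9c4f0a2b7d1e6f3a8b5c2d9e0f4a7b1c3d6e9f2a5b8c1d4e7f0a3b6c9d2e5f80"},
    {"type": "process", "pid": "4242", "path": "/private/tmp/.cache/osd",
     "sha256": "AB12CD34EF56AB12CD34EF56AB12CD34EF56AB12CD34EF56AB12CD34EF56AB12"},
    {"type": "dns", "domain": "updates.apple.com"},
    {"type": "dns", "domain": "cdn-telemetry.example.net"},
]

# Constructed indicator list (hypothetical values, lower-case hex for hashes).
IOCS: Dict[str, Set[str]] = {
    "sha256": {"ab12cd34ef56ab12cd34ef56ab12cd34ef56ab12cd34ef56ab12cd34ef56ab12"},
    "path": {"/Users/alice/Library/LaunchAgents/com.update.helper.plist"},
    "domain": {"cdn-telemetry.example.net"},
}


def match_iocs(records: Iterable[Dict[str, str]],
               iocs: Dict[str, Set[str]]) -> List[Dict[str, object]]:
    """Return one hit per (record, indicator) pair whose field value is in the IoC set.

    Hashes are compared case-insensitively; paths and domains must match exactly.
    """
    hits: List[Dict[str, object]] = []
    for rec in records:
        for field, values in iocs.items():
            value = rec.get(field)
            if value is None:
                continue
            needle = value.lower() if field == "sha256" else value
            if needle in values:
                hits.append({"indicator_type": field, "indicator": value, "record": rec})
    return hits


def send_ndjson(events: Iterable[Dict[str, object]], host: str, port: int) -> int:
    """Send events as newline-delimited JSON over one TCP connection; return bytes sent."""
    payload = "".join(json.dumps(e, sort_keys=True) + "\n" for e in events).encode("utf-8")
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(payload)
    return len(payload)


def roundtrip_locally(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Stand-in for the SIEM side: a throwaway listener on 127.0.0.1 that decodes
    whatever send_ndjson() delivers, so the transport can be exercised offline."""
    received: List[Dict[str, object]] = []
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    server.listen(1)
    port = server.getsockname()[1]

    def serve() -> None:
        conn, _ = server.accept()
        with conn:
            buf = b""
            while chunk := conn.recv(4096):
                buf += chunk
        for line in buf.decode("utf-8").splitlines():
            if line:
                received.append(json.loads(line))

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    send_ndjson(events, "127.0.0.1", port)
    worker.join(timeout=5)
    server.close()
    return received


if __name__ == "__main__":
    for hit in roundtrip_locally(match_iocs(SAMPLE_RECORDS, IOCS)):
        print(json.dumps(hit))
```

Three of the five constructed records match (a LaunchAgent path, a process hash that differs from the indicator only in letter case, and a domain), and the listener receives exactly those three events. The plain-TCP transport mirrors the page's "IP address and port" parameters but carries no authentication or encryption; on a real network the collector endpoint should be TLS-protected or the SIEM's native agent used, since forensic data leaving a possibly compromised host is itself sensitive.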