Visit Site

EchoTrail

EchoTrail is a platform that provides insights on process execution logs, aiming to accelerate analysts, reduce the load on SOAR/SIEM systems, and enhance endpoint data. By leveraging a data lake of process execution data, EchoTrail has developed a statistical model of how processes typically behave, helping security analysts, threat hunters, and incident response teams within the SOC to better understand processes and their behavior.

Specialties

Endpoint Detection and Response

Products

Polarity

Integrations

EchoTrail

Endpoint Detection and Response

The Polarity - EchoTrail integration utilizes the EchoTrail insights API to provide context around hashes and domains so analysts have insights into: what processes are, how they typically behave, who wrote them, and Security Intel on how they are used by threat actors. Enabling analysts to make quick decisions on how those indicators affect their environment.

Examples

EchoTrail Data Overview

Summary Tags: When searching an indicator in EchoTrail analysts will quickly be presented with the EchoTrail Prevalence Score. Which is a score assigned by EchoTrail that is a weighted average of the other scores EchoTrail collects.
Description: When an analyst drills into the integration they can quickly get a dull description of what the hash is and how it affects a user's system. While also being able to link out to EchoTrail for more information.
Score Context: Analysts can also get any related score context about the indicator.
Paths: These are the typical paths that the file will be found on the associated operating system.
Parent Paths: These are the parent/grandparent and child paths where the file associated with the indicator will be associated with.