
EchoTrail

EchoTrail is a platform that provides insights on process execution logs, aiming to speed up analysts' work, reduce the load on SOAR/SIEM systems, and enhance endpoint data. By leveraging a data lake of process execution data, EchoTrail has developed a statistical model of how processes typically behave, helping security analysts, threat hunters, and incident response teams within the SOC better understand processes and their behavior.

The Polarity - EchoTrail integration uses the EchoTrail insights API to provide context around hashes and domains, giving analysts insight into what processes are, how they typically behave, who wrote them, and Security Intel on how they are used by threat actors. This enables analysts to make quick decisions about how those indicators affect their environment.

Examples

EchoTrail Data Overview

  • Summary Tags: When searching an indicator in EchoTrail, analysts are quickly presented with the EchoTrail Prevalence Score, a score assigned by EchoTrail that is a weighted average of the other scores EchoTrail collects.
  • Description: When an analyst drills into the integration, they can quickly get a full description of what the hash is and how it affects a user's system, and can link out to EchoTrail for more information.
  • Score Context: Analysts can also get any related score context about the indicator.
  • Paths: These are the typical paths where the file is found on the associated operating system.
  • Parent Paths: These are the parent/grandparent and child paths associated with the file behind the indicator.