From Collection to Verdict
Everything your team needs for endpoint forensic analysis — automated.
Analysis Engine
AI-Powered Analysis
Multiple AI agents analyze artifacts in parallel — triage, deep forensics, findings extraction, and verdict scoring.
MITRE ATT&CK Mapping
Every finding mapped to tactics and techniques with confidence scoring and an interactive radar chart.
Timeline Reconstruction
Comprehensive timeline from filesystem, registry, event logs, browser history, and shell commands.

How the Pipeline Works
Investigation Tools
AI Investigation Chat
Ask questions about any investigation in natural language. Full context of findings, timeline, and evidence.
Campaign Discovery
Automatic cross-investigation correlation. Shared IOCs cluster into campaigns with unified timelines.
Triage Queue
Priority-ranked investigations. Work Critical and High cases first, with bulk actions for efficient triage.
Automated Reports
Forensic reports with evidence, findings, MITRE mappings, and verdicts. Ready for stakeholders or legal.
Verdicts & Risk Scoring
Definitive verdicts — Malicious, Review, or Benign — with confidence scores and severity ratings.
Boost Analysis
Deep-dive mode with MFT re-parsing and a full secondary analysis pass for maximum coverage.
Collection & Coverage
40+ Artifact Parsers
EVTX, MFT, registry, prefetch, amcache, SRUM, NTDS.dit, browsers, macOS unified logs, FSEvents, Linux auditd, journalctl, and more.
Collector Agent
Lightweight collector for Windows, macOS, and Linux, or bring your own collector: KAPE, Velociraptor, and more.
Scheduled Scans
Recurring forensic sweeps — hourly, daily, weekly, monthly, or custom cron. Target hosts, groups, or compliance-tagged endpoints.
Malware Analysis
Submit PE, ELF, or Mach-O binaries for deep analysis with disassembly, control flow graphs, and behavioral scoring.
Compliance & Governance
Compliance Tagging
Tag endpoints with PCI-DSS, HIPAA, SOC 2, NIST, ISO 27001, CMMC, FedRAMP, and more. Filter investigations by scope.
AI Agent Detection
Detect AI coding agents on endpoints — Claude, Copilot, Cursor, Windsurf, Aider. Flag unapproved shadow AI tools.
Tenant Isolation
Strict multi-tenant architecture with encrypted, isolated storage. Your forensic data never crosses boundaries.
Integrations
REST API
Submit collections, retrieve results, manage endpoints. Scoped API keys with read/write permissions.
Webhooks
Real-time event notifications to your SIEM, SOAR, or ticketing system when investigations complete.
