A few: search incidents with Shift-P, switch between tabs with Shift-Up/Down, log out with Ctrl-Shift-L.
You can keep many incidents open at once. And your open tabs are persisted after closing Orchestrator.
We integrate with ~10 tools to contextualize IOCs quickly. Soon, we will integrate with SIEMs and endpoint and perimeter tools, too.
See what changes were made to the incident, and when (see screenshot above)
We have a browsable REST API and Swagger-based interactive docs. (Both are in alpha.)
You can export all of an incident's info to a single JSON file.
Chat with teammates in real time
Multiple people can edit an incident's notes at once, like Google Docs
Each incident will automatically be assigned a unique Zoom call link
No on-prem component (e.g., an agent) required
No need to enter API keys, install anything, or go through an irritating interactive product tour
No justification needed :)
Enterprises today receive hundreds of security alerts per week, most false positives. This:
Common IR tasks require analysts to log into multiple consoles and struggle to move basic information from one to another.
Some promise to fully automate alert response using AI/ML, but security teams don't trust full automation. They worry about what damage it will cause rather than what problems it'll fix.
Some tools are designed specifically for certain formats (eg, MISP, VERIS, etc).
These formats are great for storing data, but don't always reflect how a human reasons about a threat or incident. Especially in the face of uncertainty.
Some competing tools have great-looking UIs, but creating an incident, for example, requires filling out a long form with a bunch of fields you don't care about.
In Orchestrator, you create incidents in 1 click - no form filling required.
One sysadmin told us that "graphics absolutely kill the performance of SOAR platforms". Visual editors, designed for Tier I SOC analysts, slow down experienced security staff, and so our web UI is minimal and fast.
Everything that can be done in the web UI can be done through the REST API, so you can write custom tools on top of Orchestrator. If there's enough interest, we'll release an official CLI version. Email us!
Private beta. To join the private beta, join our mailing list and we'll send an email when we accept our next private beta batch.
Who is working on this product?
There are two of us working on this product:
Veeral Patel is a junior studying Computer Science at UC Berkeley.
Jemin Desai is a rising junior studying Electrical Engineering and Computer Science at UC Berkeley. He has dedicated himself to Computer Science education on campus and teaches CS61A, the introductory Computer Science course for all CS/EECS majors.
Is it just tracking or does it automate response?
It automates response.
What's your contact info?
Feel free to reach out anytime; we usually respond within the day.
We'll send all project updates here.