Changelog

[1.0.1] - 2025-11-03

Updated the Agent Output.

[1.0.0] - 2025-09-30

Initial Release

First release of Forensic Agent Core! This version provides comprehensive incident analysis and forensic reporting for Microsoft Defender XDR incidents.

What's included:

  • Minute-by-minute incident timeline reconstruction
  • Entity extraction and relationship mapping (devices, users, IPs, domains, files, hashes)
  • Threat intelligence enrichment from multiple sources:
    • Shodan (port scans, services, vulnerabilities)
    • SSL/TLS certificate analysis
    • WHOIS registration data
    • CIRCL malware hash lookups
    • IP/domain reputation services
  • Device security posture analysis (vulnerabilities, software inventory, security controls)
  • Identity activity tracking with risk events and authentication patterns
  • Analyst comment correlation for investigation context
  • Incident classification (True Positive, False Positive, Escalate)
  • Malicious intent confidence scoring
  • Prioritized remediation recommendations
  • Standardized forensic reports ready for handoffs, audits, and escalations
  • Integration with Security Copilot for natural language incident analysis
