We are excited to announce the release of a groundbreaking API today. AccessData is the first digital forensics software company to offer an API that integrates seamlessly with a company’s cybersecurity platform to kick off a post-breach investigation from the first moments after an intrusion has been detected. This new API automates the previously time-intensive manual process of launching the investigative workflow by triggering the early stages of data collection. This maximizes the speed of incident response and initiates the immediate preservation of electronic evidence that could prove crucial in the digital investigation.
Here is how it works: The API enables a secure connection between a client’s cyber platform (e.g., Demisto, Phantom, etc.) and any compatible AccessData product, such as AD Lab or AD Enterprise. If the cybersecurity software detects an attack, it sends an alert that is received by the AccessData software, which initiates a collection job at a designated endpoint. This saves precious time in the initial stages of the incident response by preserving data relating to the root cause of the breach.
“The new AccessData release contains a critical API option that will allow our team to integrate our SIEM platform with our forensic platform,” said Scott Sattler, forensic consultant from SecureLabs.net. “This capability enables us to perform automated response to events detected with SIEM platforms, such as Arcsight or Splunk. This feature will save about 40 minutes of analyst time per incident. The API integration with our SIEM is an important force-multiplier for our existing staff by leveraging the power of automation.”
In addition to its integration with cybersecurity platforms, the new API also integrates with case management systems, e-discovery applications and other third-party software tools that are connected to the digital investigations workflow. This integration speeds up the investigation, and also reduces the risk and expense of passing data between platforms.
For example, AD Lab customers can use the API to integrate with case management tools to automate case creation, process jobs automatically according to defined organization standards, and notify the investigator when their job has finished. This will cut the time users wait for jobs to be completed and increase the defensibility of the settings used by each investigator.
Or AD eDiscovery customers might use the API to integrate with an e-discovery system to automate a standard endpoint collection template used in an organization after someone is put on hold. This type of automation allows less experienced users to use only the litigation hold functionality while still preserving endpoint data automatically.
The new AccessData API is available for a single perpetual license fee. This one-time investment allows users to integrate an unlimited number of software tools with their AccessData solutions.
Please click here for more information about our introductory API bundle, which includes the perpetual AccessData API license, professional service hours and software maintenance and support.