MANDIANT First Response is Incident Response management software intended for information security staff, investigators and forensic professionals that respond to computer security incidents. MANDIANT recognizes the importance of investigating any potential computer security incident, and we created MANDIANT First Response to foster diligent, effective and efficient response to these incidents.
MANDIANT First Response provides the ability to remotely collect the volatile data, file lists, registry information, event logs, running processes, running services, file time/date stamps and many other data sources to allow an organization to perform Precision strike responses when an incident may have occurred. MANDIANT First Response promotes getting the right information into the hands of the right people quickly and intelligently.
MANDIANT First Response contains a Command Console and a First Response Agent. The First Response Agent can be deployed on your infrastructure prior to an incident and run as a service for network-based acquisition of information, or run locally if you're working with individual assets. The data collected by the First Response Agent includes the data used by responders to determine whether an incident occurred or not. The Command Console provides an intuitive graphical user interface and report generating capability to allow your analysts to rapidly Review, categorize and report on findings. Since all data is gathered, stored, and manipulated as compressed XML, you can easily use MANDIANT First Response data in conjunction with other information security products deployed in your environment. The ability to Capture important system data and review it in an effective, centralized location exists today with MANDIANT First Response.