TriagingX offers:

1. An easier and faster threat investigation tool, TXHunter, that delivers results in 2 minutes;

2. A better EDR/XDR that proactively detects and responds to all threats, TXShield;

3. A patent-pending ransomware solution that directly targets ransomware's core business logic;

4. A cloud-aware sandbox for unknown malware and cloud application analysis.


TXHunter conducts highly focused incident investigations remotely by taking a snapshot of the suspicious system and automatically conducting a full investigation of the suspect objects found. It is easier and faster. It supports ad hoc, on-demand, and offline operation. It collects, analyzes, and interprets results in less than 3 minutes, delivering the most complete hunting results. It also performs:

  • Vulnerability scanning for unpatched holes
  • Auditing and detecting misconfigurations for potential threats
  • IOC query and IOD analysis for unwanted changes
  • Sandbox analysis for suspicious file/URL objects
  • Searching previously run processes for past threats
  • Searching deleted files for threat traces
  • Searching DNS, network logs, events, and browser history for network evidence
  • Searching email attributes and attachments for malicious content


Provides powerful insights into executables, active documents, scripts and malicious URLs, and finds new threats that signature/IOC scanning fails to detect…

  • Runs in a flexible Docker container, VM or appliance
  • Cloud-aware analysis, best for cloud application behavior analysis during attacks
  • Analyzes tough malware files, even if encrypted or packed with tough packers, such as Themida, Armadillo, VMProtect, or others.
  • Highly scalable
  • Easily customizable code execution environment, ideal for analyzing targeted attacks
  • Access is via a Web GUI or RESTful API for ease of integration with existing products.
  • Data stays within your control


TXShield is a better XDR/EDR that goes beyond protection at the first discovery of an attack: it determines the attack methods and automatically runs ‘fire-drill’ tests on other connected systems in order to block those attack methods.

  • TXShield has better DETECTION capability. With TXHunter built in, it not only detects all kinds of attacks in real time but also automatically invokes a full forensic investigation on the endpoint system.
  • TXShield stops ransomware at run time and restores user data files if encrypted. Its unavoidable ransomware trap (patent pending) directly interrupts the ransomware's core business logic, making it impossible to demand a ransom.
  • TXShield also has built-in vulnerability scanning, an AV engine, auditing, etc., all in one, providing a complete endpoint protection capability.
  • TXShield has faster RESPONSE, for both automated and manual action. It has built-in remote console access to managed endpoints.
  • TXShield proactively and routinely checks and verifies security compliance and security posture changes, investigating any possible suspicious changes made to the system or applications.