What is DRONE?

DRONE is AIR's automated compromise assessment feature, providing a powerful decision support system to accelerate security investigations. It automatically analyzes collected evidence and live assets using a library of always-up-to-date analyzers maintained by the Binalyze threat hunting team.

DRONE can be executed in two modes of operation:

• Responder-side (Assets): Analysis takes place via the Responder on the asset as part of an evidence collection or threat hunt.

• Server-side (Console): Previously collected evidence is analyzed or reanalyzed directly on the AIR database server, without any requirement to reconnect to the original asset.

By automatically classifying findings as High, Medium, Low, or Matched, DRONE pinpoints anomalies and potential indicators of compromise, dramatically reducing investigation time and effort.

Read more about DRONE, AIR’s built-in automated compromise assessment technology here: Automated Compromise Assessment with DRONE