- Original path:
profiles/targets/Quick_Triage.toml
# Quick Triage Target
# Fast triage for initial incident assessment
[target]
# Identity and classification of this collection target.
name = "Quick_Triage"
description = "Fast triage collection for rapid incident assessment"
category = "triage"
priority = "high"

# Modules enabled for this target. The list is kept to the essentials
# (one Windows module, two browser modules) so a triage run stays fast.
modules = [
    "windows/execution",
    "browser/chrome",
    "browser/firefox",
]

# Shared core security pattern files pulled into this target.
# NOTE(review): the paths are relative - presumably resolved against this
# file's directory (profiles/targets/); confirm against the loader.
# NOTE(review): credentials.toml suggests matches may contain secret
# material - confirm how hits are stored and treat the output as sensitive.
includes = [
    "../base/malware.toml",
    "../base/credentials.toml",
]
# Quick triage patterns defined by this target itself.
[[patterns]]
name = "Recent Activity"
type = "regex"
case-insensitive = true
# Unanchored alternation: matches any input containing "recent", "temp" or
# "cache" in any letter case, so it also fires on words such as "template"
# or "attempt".
# NOTE(review): which field this is applied to (path, file name, content)
# is not visible here - confirm before relying on its hit counts.
pattern = "(?:recent|temp|cache)"
[[patterns]]
name = "Suspicious Extension"
type = "regex"
case-insensitive = true
# After TOML unescaping the regex is \.(?:exe|dll|bat|ps1|vbs|js)$ :
# a literal dot, one of six extensions, anchored with $.
# NOTE(review): other Windows script/executable extensions (.cmd, .scr,
# .hta, .lnk, ...) are not covered - confirm the short list is intentional.
# NOTE(review): this target enables browser modules; if the pattern is
# applied to browser cache entries, ".js" will presumably match a large
# number of ordinary web assets - verify the noise level.
pattern = "\\.(?:exe|dll|bat|ps1|vbs|js)$"
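[[signatures]]
name = "Quick Triage Hits"
# Ranks SHA-256 values by their number of rows in pattern_matches and keeps
# those with more than two rows (three or more), highest count first.
# - HAVING repeats COUNT(*) because not every SQL engine accepts a SELECT
#   alias in HAVING.
# - The secondary sort on sha256 makes the LIMIT cut-off reproducible when
#   hit counts tie, so repeated runs over the same data list the same hashes.
# - LIMIT 100 truncates silently: an absent hash is not proof of no hits.
# NOTE(review): COUNT(*) counts rows, not distinct patterns - if one file can
# produce several rows for the same pattern, a single noisy pattern can pass
# the threshold on its own; confirm against the pattern_matches schema.
query = "SELECT sha256, COUNT(*) as hit_count FROM pattern_matches GROUP BY sha256 HAVING COUNT(*) > 2 ORDER BY hit_count DESC, sha256 ASC LIMIT 100"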