Awesome Open Source
Search results for dfir + incident-response (76 results found)
My Arsenal Of Aws Security Tools (⭐ 8,549): List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Awesome Incident Response (⭐ 6,852): A curated list of tools for incident response
Thehive (⭐ 3,216): TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Intelowl (⭐ 3,108): IntelOwl: manage your Threat Intelligence at scale
Cyberchef Recipes (⭐ 1,920): A list of CyberChef recipes and curated links
Hayabusa (⭐ 1,800): Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Cortex (⭐ 1,237): Cortex: a Powerful Observable Analysis and Active Response Engine
Beagle (⭐ 1,171): Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Cyberthreathunting (⭐ 755): A collection of resources for Threat Hunters - Sponsored by Falcon Guard
Kuiper (⭐ 688): Digital Forensics Investigation Platform
Azurehunter (⭐ 626): A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365
Uac (⭐ 550): UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Awesome Event Ids (⭐ 515): Collection of Event ID resources useful for Digital Forensics and Incident Response
Dfirtrack (⭐ 464): DFIRTrack - The Incident Response Tracking Application
Cloud Forensics Utils (⭐ 418): Python library to carry out DFIR analysis on the Cloud
Cortex Analyzers (⭐ 400): Cortex Analyzers Repository
Atc React (⭐ 392): A knowledge base of actionable Incident Response techniques
Memprocfs Analyzer (⭐ 358): MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Dfir Orc (⭐ 343): Forensics artefact collection tool for systems running Microsoft Windows
Ir Rescue (⭐ 309): A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Forensictools (⭐ 270): Collection of forensic tools
Threathunting Keywords (⭐ 252): Awesome list of keywords for Threat Hunting sessions
Pockint (⭐ 251): A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Masterparser (⭐ 238): MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Catalyst (⭐ 237): Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes
Threatpinchlookup (⭐ 236): Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Trawler (⭐ 224): PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.
Thehive4py (⭐ 201): Python API Client for TheHive
Collect Memorydump (⭐ 186): Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
Pypowershellxray (⭐ 184): Python script to decode common encoded PowerShell scripts
Mde Dfir Resources (⭐ 184): A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud and more.
Mindmaps (⭐ 172): #ThreatHunting #DFIR #Malware #Detection Mind Maps
Mthc (⭐ 154): All-in-one bundle of MISP, TheHive and Cortex
Imago Forensics (⭐ 144): Imago is a Python tool that extracts digital evidence from images.
Invoke Liveresponse (⭐ 141): Invoke-LiveResponse
Oriana (⭐ 136): Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Cdir (⭐ 120): CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools/libraries
Fucking Awesome Incident Response (⭐ 113): A curated list of tools for incident response. With repository stars ⭐ and forks 🍴
Rdpcachestitcher (⭐ 106): RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Vanillawindowsreference (⭐ 99): A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known-good hash sets!
Docker Templates (⭐ 78): Docker configurations for TheHive, Cortex and 3rd party tools
Threathunt (⭐ 70): ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Incidents (⭐ 55): Please use https://github.com/veeral-patel/true-positive instead
Historicprocesstree (⭐ 46): An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Indxripper (⭐ 45): Carve file metadata from NTFS index ($I30) attributes
Power Response (⭐ 43): Powering Up Incident Response with Power-Response
Scripting (⭐ 42): PS / Bash / Python / Other scripts For FUN!
Blazescan (⭐ 41): Blazescan is a Linux webserver malware scanning and incident response tool, with built-in support for cPanel servers, but will run on any Linux-based server.
Synapse (⭐ 40): Synapse: a Meta Alert Feeder for TheHive, a Security Incident Response Platform
Dcfldd (⭐ 39): dcfldd - enhanced version of dd for forensics and security
Loki2 (⭐ 38): LOKI2 - Simple IOC and YARA Scanner
Fastfinder (⭐ 34): Incident Response - Fast suspicious file finder
Pofr (⭐ 31): Penguin OS Forensic (or Flight) Recorder
Logboost (⭐ 31): Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, Domain, ASN, DNS and Threat Indicator matches.
Meat (⭐ 28): This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Pstrace (⭐ 27): Trace ScriptBlock execution for PowerShell v2
Evilize (⭐ 26): Parses Windows event log files based on the SANS Poster
Cortex4py (⭐ 26): Python API Client for Cortex
Ccxdigger (⭐ 19): The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Prefetch Hash Cracker (⭐ 17): A small util to brute-force prefetch hashes
Pyarascanner (⭐ 17): A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Threathunting Keywords Yara Rules (⭐ 17): YARA detection rules for hunting with the threathunting-keywords project
Cdir A (⭐ 16): CDIR Analyzer - parsers for data collected by CDIR Collector
Ir_scripts (⭐ 15): incident response scripts
Iris Client (⭐ 13): Python client for DFIR-IRIS
Yara Rules (⭐ 13): Links to malware-related YARA rules
Thehive Resources (⭐ 12): A repository to share contributions related to TheHive Project
Packrat (⭐ 12): Live system forensic collector
Threathunting_with_osquery (⭐ 11): Threat Hunting & Incident Investigation with Osquery
Annotationis (⭐ 9): Various notes/memoranda
User_accounts_hunting (⭐ 9): The script will help you find some value info for the user that you need as DFIR
Digitalshadows2th (⭐ 9): DigitalShadows Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform
Zerofox2th (⭐ 7): ZeroFox Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform
Awesome Soc Appliances (⭐ 6): A curated list of FOSS software appliances for building a SOC
Get Minitimeline (⭐ 6): Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE
Blauhaunt (⭐ 5): A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (Where did you come from, where did you go) in Security Incidents and Threat Hunts
Packettrail (⭐ 5): Associates netflow data with system processes and logs to syslog
Copyright 2018-2024 Awesome Open Source. All rights reserved.