Awesome Open Source

Programming Languages

Search results for incident response

incident-response x

272 search results found

All-in-one bundle of MISP, TheHive and Cortex

Wazuh Documentation ⭐ 151

Wazuh - Project documentation

Imago Forensics ⭐ 144

Imago is a python tool that extract digital evidences from images.

A cybersecurity game in Azure Data Explorer

Invoke Liveresponse ⭐ 141

Invoke-LiveResponse

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Awesome ⭐ 121

A curated list of awesome things related to TheHive & Cortex

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

Patrowldocs ⭐ 118

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Socless ⭐ 117

The SOCless automation framework

Cti Blueprints ⭐ 116

CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports more consistently and efficiently.

Jupyter Notebook For Incident Response ⭐ 116

A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incident responders in identifying, containing, eradicating, and recovering from an incident.

Malwaremustdie ⭐ 115

repository of tools & resources of the MMD team

Fucking Awesome Incident Response ⭐ 113

A curated list of tools for incident response. With repository stars⭐ and forks🍴

Sandfly Entropyscan ⭐ 108

Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives output with cryptographic hashes.

On-call scheduling and incident response

Rdpcachestitcher ⭐ 106

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Vanillawindowsreference ⭐ 99

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!

Linux Incident Response ⭐ 98

practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response

Evtx Hunter ⭐ 93

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Cybersecurity Entry Level ⭐ 92

Curso para aprender Ciberseguridad desde cero, en español y 100% gratis. Abarca 5 dominios fundamentales que necesitas conocer para poder dar tus primeros pasos en este apasionante mundo.

Mediator ⭐ 91

An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding.

SIAC is an enterprise SIEM built on open-source technology.

Incident Bot ⭐ 86

The Open Source Incident Management Framework

Docker Templates ⭐ 78

Docker configurations for TheHive, Cortex and 3rd party tools

Wazuh Ossec ⭐ 78

WAZUH - The Open Source Security Platform Installation

Shodan Monitoring integration for TheHive.

Wheel Of Misfortune ⭐ 72

A role-playing game for incident management training

Squidmagic ⭐ 70

analyze a web-based network traffic 🕶 to detect central command and control servers

Threathunt ⭐ 70

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Wazuh Packages ⭐ 69

Wazuh - Tools for packages creation

Yara Endpoint ⭐ 68

Yara-Endpoint is a tool useful for incident response as well as anti-malware enpoint base on Yara signatures.

Ioc Explorer ⭐ 66

Explore Indicators of Compromise Automatically

Cyber-investigation Analysis Standard Expression (CASE) Ontology

Cloud Droid ⭐ 61

Cloud Incident and Response Simulations

Check_ioc ⭐ 58

Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule from a monitoring engine such as Nagios, however, it may also be run from a command-line (for incident response). For more information on the script and the logic behind it, check out https://www.linuxincluded.com/uncovering-indicator

Pywirt - Python Windows Incident Response Toolkit

Tuxresponse ⭐ 56

Linux Incident Response

Wazuh Api ⭐ 56

Wazuh - RESTful API

Postmortem Docs ⭐ 56

PagerDuty's Public Postmortem Documentation

Incidents ⭐ 55

Please use https://github.com/veeral-patel/true-positive instead

Aws Security Hub Response And Remediation ⭐ 55

Pre-configured response & remediation playbooks for AWS Security Hub

Mobile Incident Response ⭐ 52

Mobile Incident Response Book

Pylirt - Python Linux Incident Response Toolkit

Powergrr ⭐ 51

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

Compliance ⭐ 50

Legal, procedural and policies document templates for operating an IRT

Aws Incident Response Playbooks Workshop ⭐ 50

Ios Triage ⭐ 49

incident response tool for iOS devices

A PowerShell incident response script for quick triage

Defensomania ⭐ 48

Defensomania is a security monitoring and incident response card game.

Bits_parser ⭐ 48

Extract BITS jobs from QMGR queue and store them as CSV records

Historicprocesstree ⭐ 46

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

Mimicry is a dynamic deception tool that actively deceives an attacker during exploitation and post-exploitation.

Indxripper ⭐ 45

Carve file metadata from NTFS index ($I30) attributes

Analyst Casefile ⭐ 43

Maltego CaseFile entities for information security investigations, malware analysis and incident response

Power Response ⭐ 43

Powering Up Incident Response with Power-Response

Docker Yara ⭐ 42

Yara Dockerfile

Scripting ⭐ 42

PS / Bash / Python / Other scripts For FUN!

Blazescan ⭐ 41

Blazescan is a linux webserver malware scanning and incident response tool, with built in support for cPanel servers, but will run on any linux based server.

Synapse: a Meta Alert Feeder for TheHive, a Security Incident Response Platform

dcfldd - enhanced version of dd for forensics and security

Training Materials ⭐ 39

Inxidents ⭐ 39

Incident Monitoring for the Lean and Mean ;)

A cross platform forensic parser written in Rust!

Winterfell Collection ⭐ 39

Winterfell is a group of windows batch scripts to collect Windows forensics data and perform efficient, and fast incident response and threat hunting activities.

Awesome Endpoint Detection And Response ⭐ 39

Collection of tool you need to have in your Endpoint Detection and Response arsenal

Wazuh Puppet ⭐ 38

Wazuh - Puppet module

LOKI2 - Simple IOC and YARA Scanner

Wazuh Cloudformation ⭐ 36

Wazuh - Amazon AWS Cloudformation

Utmstack ⭐ 34

Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

Azuread Incident Response ⭐ 34

Notes on responding to security breaches relating to Azure AD

Fastfinder ⭐ 34

Incident Response - Fast suspicious file finder

Incident Response ⭐ 34

Powersponse ⭐ 33

PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.

Gdpatrol ⭐ 31

A Lambda-powered Security Orchestration framework for AWS GuardDuty

Penguin OS Forensic (or Flight) Recorder

Logboost ⭐ 31

Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, Domain, ASN, DNS and Threat Indicator matches.

Weiyingcloud ⭐ 30

维鹰云智能事件平台，告警事件统一接收、降噪、处置

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Trace ScriptBlock execution for powershell v2

Apiosintds ⭐ 26

On demand query API for https://github.com/davidonzo/Threat-Intel project.

Douglas 042 ⭐ 26

Powershell script to help Speed up Threat hunting incident response processes

Cortex4py ⭐ 26

Python API Client for Cortex

Parses Windows event logs files based on SANS Poster

Ngx Charts Builder ⭐ 26

🚀 Chart Builder for ngx-charts!

Attack Threat_intel ⭐ 23

Graph Representation of MITRE ATT&CK's CTI data

Syntheticsun ⭐ 23

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

Decipheringual ⭐ 23

This repo aims to help you decipher the UAL from a Digital Forensics & Incident Response (DFIR) perspective. The UAL is the Microsoft 365 Unified Audit Log.

Hikeshi is a security incident response application that keeps documenting incidents simple, so you can focus on fighting fires.

Simple Live Data Collection ⭐ 19

Simple Live Data Collection Tool

Macostriagecollectionscript ⭐ 19

A triage data collection script for macOS

Wazuh Chef ⭐ 19

Wazuh - Chef cookbooks

Ccxdigger ⭐ 19

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Awesome Security Card Games ⭐ 18

A curated list of security card games.

Learningfromincidents ⭐ 17

Links and resources from my talk about how to learn more from incidents!

Cti Stix Diamond Activity Attack Graph ⭐ 17

STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling

Pyarascanner ⭐ 17

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

Austin Tech Meetups ⭐ 17

A comprehensive list of Austin Tech Meetups with Codes of Conduct

Threathunting Keywords Yara Rules ⭐ 17

yara detection rules for hunting with the threathunting-keywords project

Prefetch Hash Cracker ⭐ 17

A small util to brute-force prefetch hashes

101-200 of 272 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.