WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

updated at Nov. 13, 2024, 1:35 p.m.

PowerShell

18 +0

763 +1

82 +0

GitHub
streamalert by airbnb

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

updated at Nov. 13, 2024, 1:36 p.m.

Python

101 +0

2,861 +3

332 -1

GitHub
playbooks by phantomcyber

Phantom Community Playbooks

updated at Nov. 13, 2024, 2:37 p.m.

Python

63 +0

472 +0

201 +0

GitHub
PowerForensics by Invoke-IR

PowerForensics provides an all in one platform for live disk forensic analysis

updated at Nov. 13, 2024, 4:27 p.m.

C#

158 +0

1,385 -1

274 +0

GitHub
IRM by certsocietegenerale

Incident Response Methodologies 2022

updated at Nov. 13, 2024, 7:25 p.m.

Unknown languages

44 +0

978 +4

160 +1

GitHub
CyLR by orlikoski

CyLR - Live Response Collection Tool

updated at Nov. 13, 2024, 10:07 p.m.

C#

32 +0

645 +3

88 -1

GitHub
uac by tclahr

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of artifacts from AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems.

updated at Nov. 13, 2024, 11:23 p.m.

Shell

28 +0

797 +3

124 +0

GitHub
avml by Microsoft

AVML - Acquire Volatile Memory for Linux

updated at Nov. 14, 2024, 12:13 a.m.

Rust

32 +0

875 +1

76 +0

GitHub
margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

updated at Nov. 14, 2024, 3:59 a.m.

Python

17 +0

242 +1

50 +0

GitHub
APT-Hunter by ahmedkhlief

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset, to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity.

updated at Nov. 14, 2024, 4 a.m.

Python

47 +0

1,255 +3

239 +1

GitHub
incident-response-docs by PagerDuty

PagerDuty's Incident Response Documentation.

updated at Nov. 14, 2024, 7:18 a.m.

Dockerfile

68 +0

1,022 +1

224 -1

GitHub
Fastir_Collector_Linux by SekoiaLab

updated at Nov. 14, 2024, 7:44 a.m.

Python

23 +0

173 +1

42 +0

GitHub
DumpsterFire by TryCatchHCF

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

updated at Nov. 14, 2024, 8:49 a.m.

Python

50 +0

996 +2

146 +0

GitHub
RTA by endgameinc

updated at Nov. 14, 2024, 8:50 a.m.

Python

96 +0

1,050 +1

212 +0

GitHub
flightsim by alphasoc

A utility to safely generate malicious network traffic patterns and evaluate controls.

updated at Nov. 14, 2024, 10:47 a.m.

Go

35 +0

1,260 +3

132 +0

GitHub
metta by uber-common

An information security preparedness tool to do adversarial simulation.

updated at Nov. 14, 2024, 1:53 p.m.

Python

75 +0

1,101 +3

151 +0

GitHub
dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

updated at Nov. 15, 2024, 4:23 a.m.

Python

27 +0

296 -1

72 +0

GitHub
dissect by fox-it

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

updated at Nov. 15, 2024, 10:36 a.m.

Unknown languages

22 +0

924 +3

65 +1

GitHub
plaso by log2timeline

Super timeline all the things

updated at Nov. 15, 2024, 12:45 p.m.

Python

94 +1

1,734 +2

352 +1

GitHub
timesketch by google

Collaborative forensic timeline analysis

updated at Nov. 15, 2024, 1:11 p.m.

Python

137 +0

2,614 +6

589 +0

GitHub