Counts per entry: watchers, stars, forks; the +N after each count appears to be the change since the previous snapshot.

PowerSponse by swisscom
PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
created at Sept. 14, 2017, 9:15 a.m. | PowerShell | 15 watchers (+0) | 36 stars (+0) | 6 forks (+0)

AutoTTP by jymcheong
Automated Tactics Techniques & Procedures
created at Sept. 7, 2017, 6:25 a.m. | Python | 24 watchers (+0) | 244 stars (+0) | 64 forks (+0)

mac_apt by ydkhatri
macOS (& iOS) Artifact Parsing Tool
created at Aug. 24, 2017, 3:37 p.m. | Python | 44 watchers (+0) | 719 stars (+1) | 99 forks (+0)

PowerGRR by swisscom
PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
created at July 18, 2017, 1:14 p.m. | PowerShell | 20 watchers (+0) | 56 stars (+0) | 7 forks (+0)

flare-vm by mandiant
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
created at July 5, 2017, 9:17 p.m. | PowerShell | 199 watchers (+1) | 5,893 stars (+18) | 868 forks (+3)

bitscout by vitaly-kamluk
Remote forensics meta tool
created at June 30, 2017, 10:20 a.m. | Shell | 49 watchers (+0) | 437 stars (+0) | 105 forks (+0)

sqhunter by 0x4D31
A simple threat hunting tool based on osquery, Salt Open and Cymon API
created at June 23, 2017, 8:59 a.m. | Python | 12 watchers (+0) | 65 stars (+0) | 15 forks (+0)

appcompatprocessor by mbevilacqua
"Evolving AppCompat/AmCache data analysis beyond grep"
created at April 2, 2017, 6:11 p.m. | Python | 17 watchers (+0) | 189 stars (+1) | 26 forks (+0)

ThreatHunter-Playbook by OTRF
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
created at March 28, 2017, 3:07 a.m. | Python | 370 watchers (+0) | 3,877 stars (+3) | 796 forks (+1)

HELK by Cyb3rWard0g
The Hunting ELK
created at March 14, 2017, 7:14 p.m. | Jupyter Notebook | 216 watchers (+0) | 3,702 stars (+3) | 673 forks (+1)

logdissect by dogoncouch
CLI utility and Python module for analyzing log files and other data.
created at Feb. 19, 2017, 8:31 p.m. | Python | 11 watchers (+0) | 138 stars (+1) | 22 forks (+0)

sysmon-config by SwiftOnSecurity
Sysmon configuration file template with default high-quality event tracing
created at Feb. 1, 2017, 6:49 p.m. | language unknown | 357 watchers (+0) | 4,591 stars (+10) | 1,670 forks (+1)

streamalert by airbnb
StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
created at Jan. 22, 2017, 1:10 a.m. | Python | 101 watchers (+0) | 2,826 stars (+0) | 334 forks (+0)

sigma by SigmaHQ
Main Sigma Rule Repository
created at Dec. 24, 2016, 9:48 a.m. | Python | 327 watchers (+0) | 7,670 stars (+16) | 2,102 forks (+9)

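Since the listing names the Sigma rule repository without saying what a Sigma rule is, here is an added example, written for this page and not taken from the Sigma project, of what a rule contains and how its detection logic is evaluated: a small Python evaluator for a constructed rule run over constructed Sysmon Event ID 1 (process creation) records, the event that Sigma's process_creation log source maps to on Windows. The rule is given as the Python equivalent of the YAML a rule file holds. Everything below is an assumption made for illustration: the rule, the events, the file paths, and the subset of the rule language supported (map selections, the contains/startswith/endswith/re/all modifiers, the * and ? wildcards, and and/or/not conditions). In practice rules are converted to a SIEM's query language with pySigma/sigma-cli rather than evaluated by a matcher like this one.

```python
import re

# Constructed rule: the Python equivalent of a Sigma YAML rule file. The keys
# (title, logsource, detection, condition) are Sigma's; the content is invented.
RULE = {
    "title": "Encoded PowerShell command line (constructed example)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": [" -enc ", " -encodedcommand "],
        },
        "filter_known_agent": {
            "ParentImage|endswith": "\\monitoringhost.exe",
        },
        "condition": "selection and not filter_known_agent",
    },
}


def _value_matches(value, pattern, modifier):
    """Compare one event field with one rule value, case-insensitively.
    Plain values honour the '*' and '?' wildcards; 're' applies a regex."""
    v, p = str(value).lower(), str(pattern).lower()
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    if modifier == "re":
        return re.search(str(pattern), str(value)) is not None
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in p)
    return re.fullmatch(regex, v) is not None


def _search_matches(search, event):
    """A map search ANDs its field specs; a list of values for one field is
    ORed unless the 'all' modifier is present. A missing field never matches."""
    for spec, expected in search.items():
        field, *mods = spec.split("|")
        modifier = next((m for m in mods if m in ("contains", "startswith", "endswith", "re")), None)
        if field not in event:
            return False
        values = expected if isinstance(expected, list) else [expected]
        hits = [_value_matches(event[field], v, modifier) for v in values]
        if not (all(hits) if "all" in mods else any(hits)):
            return False
    return True


def _eval_condition(condition, truth):
    """Evaluate 'and' / 'or' / 'not' / parentheses over search names by
    recursive descent, so rule text never reaches eval(). Sigma's
    'N of pattern' aggregations are not supported in this toy."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def expr():  # or-level
        nonlocal pos
        left = term()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            right = term()
            left = left or right
        return left

    def term():  # and-level
        nonlocal pos
        left = factor()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            right = factor()
            left = left and right
        return left

    def factor():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not factor()
        if tok == "(":
            inner = expr()
            pos += 1  # consume the closing parenthesis
            return inner
        if tok not in truth:
            raise ValueError("unknown search identifier in condition: %r" % tok)
        return truth[tok]

    return expr()


def rule_matches(rule, event):
    """True when the event satisfies the rule's condition."""
    detection = rule["detection"]
    truth = {name: _search_matches(search, event)
             for name, search in detection.items() if name != "condition"}
    return _eval_condition(detection["condition"], truth)


# Constructed Sysmon Event ID 1 records as a SIEM would present them after
# field extraction. Only the first should fire: the third is an encoded command
# launched by the (assumed benign) monitoring agent that the filter excludes.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand ZQBjAGgAbwAgAGgAaQA=",
     "ParentImage": "C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\MonitoringHost.exe"},
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo -enc ignored",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def matching_indices(rule=RULE, events=SAMPLE_EVENTS):
    """Indices of the events the rule fires on."""
    return [i for i, e in enumerate(events) if rule_matches(rule, e)]


if __name__ == "__main__":
    for i in matching_indices():
        print("ALERT:", RULE["title"], "->", SAMPLE_EVENTS[i]["CommandLine"])
```

The filter search is the part worth copying into real rules: an encoded command line from a known agent is excluded by the condition, not by loosening the selection, so the tuning stays visible and reviewable next to the detection it narrows.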
incident-response-docs by PagerDuty
PagerDuty's Incident Response Documentation.
created at Nov. 28, 2016, 5:58 p.m. | Dockerfile | 68 watchers (+0) | 1,009 stars (+0) | 222 forks (+0)

Skadi by orlikoski
Collect, process, and hunt with host-based data from macOS, Windows, and Linux
created at Oct. 25, 2016, 2:57 p.m. | Shell | 37 watchers (+0) | 479 stars (+0) | 68 forks (+0)

visualize_logs by keithjjones
A Python library and command line tools to provide interactive log visualization.
created at Oct. 11, 2016, 3:33 p.m. | HTML | 15 watchers (+0) | 134 stars (+0) | 36 forks (+0)

cuckoo-modified-api by keithjjones
A Python library to interface with a cuckoo-modified instance
created at Sept. 25, 2016, 4:15 p.m. | Python | 6 watchers (+0) | 19 stars (+1) | 7 forks (+0)

Panorama by AlmCo
Fast incident overview
created at Sept. 12, 2016, 8:35 p.m. | Python | 3 watchers (+0) | 38 stars (+0) | 6 forks (+0)

CyLR by orlikoski
CyLR - Live Response Collection Tool
created at Sept. 6, 2016, 10:14 p.m. | C# | 32 watchers (+0) | 600 stars (+0) | 88 forks (+0)