Incident Response
Explore 241 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
CYE provides cybersecurity consulting services that combine risk quantification, attack route visualization, and expert advisory to help organizations assess, quantify, and mitigate their cyber exposure in financial terms.
CYE provides cybersecurity consulting services that combine risk quantification, attack route visualization, and expert advisory to help organizations assess, quantify, and mitigate their cyber exposure in financial terms.
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
WithSecure Elements Cloud is a modular cybersecurity platform that combines AI-powered software and expert services to provide comprehensive protection across endpoints, identities, and cloud environments.
WithSecure Elements Cloud is a modular cybersecurity platform that combines AI-powered software and expert services to provide comprehensive protection across endpoints, identities, and cloud environments.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.
A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.
A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.
A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
BitLyft AIR Platform is a managed detection and response solution that combines AI-driven security monitoring with human expertise to provide comprehensive threat detection and incident response services.
BitLyft AIR Platform is a managed detection and response solution that combines AI-driven security monitoring with human expertise to provide comprehensive threat detection and incident response services.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
A managed security service platform offering fixed-cost incident response, continuous vulnerability scanning, and integrated cyber insurance access through a subscription model.
A managed security service platform offering fixed-cost incident response, continuous vulnerability scanning, and integrated cyber insurance access through a subscription model.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
A security solution that monitors, detects, and responds to insider threats by providing visibility into user activities across endpoints, email, and cloud to prevent data loss from careless, compromised, or malicious insiders.
A security solution that monitors, detects, and responds to insider threats by providing visibility into user activities across endpoints, email, and cloud to prevent data loss from careless, compromised, or malicious insiders.
A platform that maps enterprise attack surfaces by consolidating asset inventory, prioritizing vulnerabilities based on exposure, and providing contextual visualization of security risks.
A platform that maps enterprise attack surfaces by consolidating asset inventory, prioritizing vulnerabilities based on exposure, and providing contextual visualization of security risks.
An AI-powered SOC automation platform that performs autonomous alert triage, investigation, and incident response while augmenting human analyst capabilities.
An AI-powered SOC automation platform that performs autonomous alert triage, investigation, and incident response while augmenting human analyst capabilities.
An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.
An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.
CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.
Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.
TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.
TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
Dropzone AI is an autonomous AI agent for SOCs that performs end-to-end investigations of security alerts, integrating with existing cybersecurity tools and data sources.
Dropzone AI is an autonomous AI agent for SOCs that performs end-to-end investigations of security alerts, integrating with existing cybersecurity tools and data sources.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
CrowdStrike Falcon Insight XDR is an AI-powered endpoint detection and response solution that provides comprehensive protection, visibility, and automated response capabilities.
CrowdStrike Falcon Insight XDR is an AI-powered endpoint detection and response solution that provides comprehensive protection, visibility, and automated response capabilities.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
SentinelOne Purple AI is an AI-powered security analyst solution that simplifies threat hunting and investigations, empowers analysts, accelerates security operations, and safeguards data.
SentinelOne Purple AI is an AI-powered security analyst solution that simplifies threat hunting and investigations, empowers analysts, accelerates security operations, and safeguards data.
Infinity Platform / Infinity AI is an AI-powered threat intelligence and generative AI service that combines AI-powered threat intelligence with generative AI capabilities for comprehensive threat prevention, automated threat response, and efficient security administration.
Infinity Platform / Infinity AI is an AI-powered threat intelligence and generative AI service that combines AI-powered threat intelligence with generative AI capabilities for comprehensive threat prevention, automated threat response, and efficient security administration.
Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.
Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.
A penetration testing framework for identifying and exploiting vulnerabilities.
A penetration testing framework for identifying and exploiting vulnerabilities.
Provides advanced external threat intelligence to help organizations proactively identify and mitigate potential security threats.
Provides advanced external threat intelligence to help organizations proactively identify and mitigate potential security threats.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
Interactive malware hunting service with live access to the heart of an incident.
Interactive malware hunting service with live access to the heart of an incident.
A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.
A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.
Powerfully simple endpoint security solution that takes down threats without interrupting business.
Powerfully simple endpoint security solution that takes down threats without interrupting business.
A project that uses Athena and EventBridge to investigate API activity and notify of actions for incident response and misconfiguration detection.
A project that uses Athena and EventBridge to investigate API activity and notify of actions for incident response and misconfiguration detection.
An open-source security tool for AWS, Azure, Google Cloud, and Kubernetes security assessments and audits.
An open-source, drag-and-drop security workflow builder with integrated case management for automating security workflows and tackling alert fatigue.
An open-source, drag-and-drop security workflow builder with integrated case management for automating security workflows and tackling alert fatigue.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
Modular Threat Hunting Tool & Framework
A high-interaction honeypot solution for detecting and analyzing SMB-based attacks
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A free and open-source OSINT framework for gathering and analyzing data from various sources
A free and open-source OSINT framework for gathering and analyzing data from various sources
Incident response framework focused on remote live forensics
Incident response framework focused on remote live forensics
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A detection-as-code platform for streamlining cloud security operations and responding to security incidents.
A detection-as-code platform for streamlining cloud security operations and responding to security incidents.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
A repository to aid Windows threat hunters in looking for common artifacts.
A repository to aid Windows threat hunters in looking for common artifacts.
Facilitating exchange of information and knowledge to collectively protect against cyberattacks.
Facilitating exchange of information and knowledge to collectively protect against cyberattacks.
A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.
A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.
A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.
A panic button app for triggering a ripple effect across apps responding to panic events
A panic button app for triggering a ripple effect across apps responding to panic events
A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.
A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
Automate security incident handling and facilitate real-time activities of incident handlers.
Automate security incident handling and facilitate real-time activities of incident handlers.
A Splunk app mapped to MITRE ATT&CK to guide threat hunts.
Threat intelligence and digital risk protection platform
A collection of incident response methodologies for various security incidents, providing easy-to-use operational best practices.
A collection of incident response methodologies for various security incidents, providing easy-to-use operational best practices.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
Collection of malware persistence information and techniques
Collection of malware persistence information and techniques
A documentation template library for implementing industrial information security management systems.
A documentation template library for implementing industrial information security management systems.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
A collection of YARA rules for research and hunting purposes.
A collection of YARA rules for research and hunting purposes.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
Tool for visualizing correspondences between YARA ruleset and samples
Tool for visualizing correspondences between YARA ruleset and samples
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
An intrusion prevention system for SSH that blocks IP addresses after a set number of consecutive failed login attempts.
An intrusion prevention system for SSH that blocks IP addresses after a set number of consecutive failed login attempts.
An informational repo about hunting for adversaries in your IT environment.
An informational repo about hunting for adversaries in your IT environment.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A collection of structured incident response playbook battle cards that provide prescriptive countermeasures and procedures for combating cyber threats and attacks during security incidents.
A collection of structured incident response playbook battle cards that provide prescriptive countermeasures and procedures for combating cyber threats and attacks during security incidents.
Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.
Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.
SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.
SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.
Automated collection tool for incident response triage in Windows systems.
Automated collection tool for incident response triage in Windows systems.
Utilizing SIEM, SOAR, and EDR technologies to enhance security operations with a focus on reducing incident response time.
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
A standardized framework for describing and classifying cybersecurity incidents
A standardized framework for describing and classifying cybersecurity incidents
Developing APIs to access memory on industrial control system devices.
Developing APIs to access memory on industrial control system devices.
A modular, menu-driven tool for building repeatable, time-delayed, distributed security events.
A modular, menu-driven tool for building repeatable, time-delayed, distributed security events.
FortiEDR is an automated endpoint security solution that integrates with the Fortinet Security Fabric and third-party solutions to reduce MTTR and provide real-time breach detection and response.
FortiEDR is an automated endpoint security solution that integrates with the Fortinet Security Fabric and third-party solutions to reduce MTTR and provide real-time breach detection and response.
A serverless, real-time, and retroactive malware detection tool that scans files with YARA rules and alerts incident response teams.
A serverless, real-time, and retroactive malware detection tool that scans files with YARA rules and alerts incident response teams.
Curated datasets for developing and testing detections in SIEM installations.
Curated datasets for developing and testing detections in SIEM installations.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
A system for collecting, managing, and distributing security information on a large scale, developed by CERT Polska.
A system for collecting, managing, and distributing security information on a large scale, developed by CERT Polska.
A powerful tool for analyzing and visualizing system activity timelines.
A powerful tool for analyzing and visualizing system activity timelines.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
A framework for improving detection strategies and alert efficacy.
A framework for improving detection strategies and alert efficacy.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Incident response and case management solution for efficient incident response and management.
Incident response and case management solution for efficient incident response and management.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
A robust and flexible hunt and incident response tool for investigating AzureAD, Azure, and M365 environments.
A robust and flexible hunt and incident response tool for investigating AzureAD, Azure, and M365 environments.
Web-based tool for incident response with easy local installation using Docker.
Web-based tool for incident response with easy local installation using Docker.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
A simple maturity model for enterprise detection and response
A simple maturity model for enterprise detection and response
An open-source SOAR tool for automating threat and incident response workflows using CACAO security playbooks.
An open-source SOAR tool for automating threat and incident response workflows using CACAO security playbooks.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
A Forensic Framework for Skype with various investigative options.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A daily updated summary of security advisories from various sources
A set of YARA rules for identifying files containing sensitive information
A set of YARA rules for identifying files containing sensitive information
A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.
A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
A honeypot agent for running honeypots with service and data at threatwar.com.
A honeypot agent for running honeypots with service and data at threatwar.com.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.
A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.
Collection of YARA signatures from recent malware research.
Collection of YARA signatures from recent malware research.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A honeytoken-based tripwire for Microsoft's Active Directory to detect privilege escalation attempts
A honeytoken-based tripwire for Microsoft's Active Directory to detect privilege escalation attempts
A tool with advanced filtering capabilities for analyzing events based on time, path, weekday, and date.
A tool with advanced filtering capabilities for analyzing events based on time, path, weekday, and date.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
A collection of companies that disclose adversary TTPs after being breached, useful for analysis of intrusions.
A collection of companies that disclose adversary TTPs after being breached, useful for analysis of intrusions.
Real-time, container-based file scanning system for threat hunting and incident response.
Real-time, container-based file scanning system for threat hunting and incident response.
Hoarder is a tool to collect and parse windows artifacts.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
Blue-team capture the flag competition for improving cybersecurity skills.
Blue-team capture the flag competition for improving cybersecurity skills.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
Endpoint security platform using Moving Target Defense to prevent cyber attacks and provide adaptive exposure management and threat prevention.
Endpoint security platform using Moving Target Defense to prevent cyber attacks and provide adaptive exposure management and threat prevention.
A collection of tools for forensics teams to collect evidence from cloud platforms
A collection of tools for forensics teams to collect evidence from cloud platforms
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.
Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.
Repository of APT-related documents and notes sorted by year.
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
Customizable live OS constructor tool for remote forensics and incident response.
Customizable live OS constructor tool for remote forensics and incident response.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
Freely available network IOCs for monitoring and incident response
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
MITRE Caldera™ is a cybersecurity platform that automates adversary emulation and supports red team operations through a modular framework built on MITRE ATT&CK.
MITRE Caldera™ is a cybersecurity platform that automates adversary emulation and supports red team operations through a modular framework built on MITRE ATT&CK.
Cortex XDR is a comprehensive endpoint security solution that blocks advanced attacks with behavioral threat protection, AI, and cloud-based analysis, and provides complete endpoint security and lightning-fast investigation and response.
Cortex XDR is a comprehensive endpoint security solution that blocks advanced attacks with behavioral threat protection, AI, and cloud-based analysis, and provides complete endpoint security and lightning-fast investigation and response.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A System for Abuse- and Incident Handling with log file analysis capabilities.
Real-time capture the flag (CTF) scoring engine for computer wargames with a fun game-like environment for learning cybersecurity skills.
Real-time capture the flag (CTF) scoring engine for computer wargames with a fun game-like environment for learning cybersecurity skills.
A comprehensive guide to incident response and computer forensics, covering the entire lifecycle of incident response and remediation.
A comprehensive guide to incident response and computer forensics, covering the entire lifecycle of incident response and remediation.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
A collaborative and open-source incident response platform for sharing observables among analysts.
A collaborative and open-source incident response platform for sharing observables among analysts.
Python command line utility for incident response in AWS
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
Level 400 training to become a Microsoft Sentinel Ninja.
Level 400 training to become a Microsoft Sentinel Ninja.
Visualize and analyze network relationships with AfterGlow
Ansible role for deploying and managing Bifrozt honeypots
Collects and organizes Linux OS data for detailed analysis and incident response.
Collects and organizes Linux OS data for detailed analysis and incident response.
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
A cybersecurity incident management platform for tracking and reporting incidents with agility and speed.
A cybersecurity incident management platform for tracking and reporting incidents with agility and speed.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
A DFIR console integrating various cybersecurity tools and frameworks for efficient incident response.
A DFIR console integrating various cybersecurity tools and frameworks for efficient incident response.
Modern digital forensics and incident response platform with comprehensive tools.
Modern digital forensics and incident response platform with comprehensive tools.
eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.
eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
Repository of templates for Ayehu's workflows with the ability to design, execute, and automate IT and business processes.
Repository of templates for Ayehu's workflows with the ability to design, execute, and automate IT and business processes.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.
AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.
Open Source computer forensics platform with modular design for easy automation and scripting.
Open Source computer forensics platform with modular design for easy automation and scripting.
A module-based AWS response tool for incident response in AWS environments.
A module-based AWS response tool for incident response in AWS environments.
RedELK enhances Red Team operations with SIEM capabilities to monitor and alert on Blue Team activities.
Comprehensive documentation for ThreatConnect's REST API and SDKs.
Comprehensive documentation for ThreatConnect's REST API and SDKs.
A powerful tool for hiding the true location of your Teamserver, evading detection from Incident Response, redirecting users, blocking specific IP addresses, and managing Malleable C2 traffic in Red Team engagements.
A powerful tool for hiding the true location of your Teamserver, evading detection from Incident Response, redirecting users, blocking specific IP addresses, and managing Malleable C2 traffic in Red Team engagements.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
In-depth analysis of real-world attacks and threat tactics
In-depth analysis of real-world attacks and threat tactics
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A community-led project focused on standardizing security event logs.
A community-led project focused on standardizing security event logs.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.
YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
Serverless, real-time data analysis framework for incident detection and response.
Serverless, real-time data analysis framework for incident detection and response.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
A structured approach to managing and responding to suspected security events or incidents.
A structured approach to managing and responding to suspected security events or incidents.
A comprehensive and unrestricted dataset of security incidents for research and decision-making
A comprehensive and unrestricted dataset of security incidents for research and decision-making
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
A public incident response process documentation used at PagerDuty
A public incident response process documentation used at PagerDuty
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
An Outlook add-in for reporting suspicious emails to security teams and tracking user behavior during awareness campaigns.
An Outlook add-in for reporting suspicious emails to security teams and tracking user behavior during awareness campaigns.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A container of PCAP captures mapped to the relevant attack tactic
A framework for accumulating, describing, and classifying actionable Incident Response techniques
A framework for accumulating, describing, and classifying actionable Incident Response techniques
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Incident response platform for automating alert handling and incident response procedures.
Incident response platform for automating alert handling and incident response procedures.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A multithreaded YARA scanner for incident response or malware zoos.
A multithreaded YARA scanner for incident response or malware zoos.
A simple, self-contained modular host-based IOC scanner for incident responders.
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
A DFIR Playbook Spec based on YAML for collaborative incident response processes.
A DFIR Playbook Spec based on YAML for collaborative incident response processes.
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
A Go-based honeypot server for detecting and logging attacker activity
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.
The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.
A comprehensive guide for system administrators to detect and identify potential security threats on Windows 2000 systems.
A comprehensive guide for system administrators to detect and identify potential security threats on Windows 2000 systems.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
Incident Response Documentation tool for tracking findings and tasks.
Incident Response Documentation tool for tracking findings and tasks.
Detailed analysis of the event-stream incident and actions taken by npm Security.
Detailed analysis of the event-stream incident and actions taken by npm Security.
Open source web app for storing and searching Actor related data from users and public repositories.
Open source web app for storing and searching Actor related data from users and public repositories.
A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.
A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.
A PHP based web application for managing postmortems with pluggable features.
A PHP based web application for managing postmortems with pluggable features.
Templates for incident response run-books tailored for AWS environments based on NIST guidelines.
Templates for incident response run-books tailored for AWS environments based on NIST guidelines.
A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.
A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.
View physical memory as files in a virtual file system for easy memory analysis and artifact access.
View physical memory as files in a virtual file system for easy memory analysis and artifact access.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
Get insights into the latest cybersecurity trends and expert advice on enhancing organizational security.
Get insights into the latest cybersecurity trends and expert advice on enhancing organizational security.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
