Incident Response
Explore 261 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 4 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Vulnerability Management
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Material Security is a cloud workspace security platform that provides detection and response capabilities for email, file, and account security across Google Workspace and Microsoft 365 environments.
Material Security is a cloud workspace security platform that provides detection and response capabilities for email, file, and account security across Google Workspace and Microsoft 365 environments.
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
Novacoast Managed Security Services provides comprehensive outsourced cybersecurity solutions including SIEM, EDR, DLP, PAM, and incident response through their NOC and SOC operations.
Novacoast Managed Security Services provides comprehensive outsourced cybersecurity solutions including SIEM, EDR, DLP, PAM, and incident response through their NOC and SOC operations.
Swimlane Turbine is a cloud-native security hyperautomation platform that uses AI to automate security operations workflows, integrate disparate security tools, and enhance incident response capabilities.
Swimlane Turbine is a cloud-native security hyperautomation platform that uses AI to automate security operations workflows, integrate disparate security tools, and enhance incident response capabilities.
Black Kilt Security is a cybersecurity consulting firm that provides strategic planning, technology integration, compliance consulting, security engineering, and cyber forensics services to organizations of various sizes.
Black Kilt Security is a cybersecurity consulting firm that provides strategic planning, technology integration, compliance consulting, security engineering, and cyber forensics services to organizations of various sizes.
A virtual CISO service that combines a security and compliance automation platform with expert support to provide organizations with cybersecurity leadership and operational capabilities.
A virtual CISO service that combines a security and compliance automation platform with expert support to provide organizations with cybersecurity leadership and operational capabilities.
A cybersecurity consulting service that provides security assessments, compliance guidance, and strategic planning across multiple industries with flexible engagement models.
A cybersecurity consulting service that provides security assessments, compliance guidance, and strategic planning across multiple industries with flexible engagement models.
CYE provides cybersecurity consulting services that combine risk quantification, attack route visualization, and expert advisory to help organizations assess, quantify, and mitigate their cyber exposure in financial terms.
CYE provides cybersecurity consulting services that combine risk quantification, attack route visualization, and expert advisory to help organizations assess, quantify, and mitigate their cyber exposure in financial terms.
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
WithSecure Elements Cloud is a modular cybersecurity platform that combines AI-powered software and expert services to provide comprehensive protection across endpoints, identities, and cloud environments.
WithSecure Elements Cloud is a modular cybersecurity platform that combines AI-powered software and expert services to provide comprehensive protection across endpoints, identities, and cloud environments.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.
A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.
A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.
A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
BitLyft AIR Platform is a managed detection and response solution that combines AI-driven security monitoring with human expertise to provide comprehensive threat detection and incident response services.
BitLyft AIR Platform is a managed detection and response solution that combines AI-driven security monitoring with human expertise to provide comprehensive threat detection and incident response services.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
A managed security service platform offering fixed-cost incident response, continuous vulnerability scanning, and integrated cyber insurance access through a subscription model.
A managed security service platform offering fixed-cost incident response, continuous vulnerability scanning, and integrated cyber insurance access through a subscription model.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
A security solution that monitors, detects, and responds to insider threats by providing visibility into user activities across endpoints, email, and cloud to prevent data loss from careless, compromised, or malicious insiders.
A security solution that monitors, detects, and responds to insider threats by providing visibility into user activities across endpoints, email, and cloud to prevent data loss from careless, compromised, or malicious insiders.
OX Security Platform is a web application security solution that provides automated protection against SQL injection, malformed data attacks, and unauthorized access through Cloudflare-integrated threat detection and blocking capabilities.
OX Security Platform is a web application security solution that provides automated protection against SQL injection, malformed data attacks, and unauthorized access through Cloudflare-integrated threat detection and blocking capabilities.
An AI-powered SOC automation platform that performs autonomous alert triage, investigation, and incident response while augmenting human analyst capabilities.
An AI-powered SOC automation platform that performs autonomous alert triage, investigation, and incident response while augmenting human analyst capabilities.
An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.
An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
SecTemplates provides free security program templates, runbooks, and documentation resources for information security professionals and engineering teams.
SecTemplates provides free security program templates, runbooks, and documentation resources for information security professionals and engineering teams.
CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.
CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.
Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.
TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.
TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
Dropzone AI is an autonomous AI agent for SOCs that performs end-to-end investigations of security alerts, integrating with existing cybersecurity tools and data sources.
Dropzone AI is an autonomous AI agent for SOCs that performs end-to-end investigations of security alerts, integrating with existing cybersecurity tools and data sources.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
CrowdStrike Falcon Insight XDR is an AI-powered endpoint detection and response solution that provides comprehensive protection, visibility, and automated response capabilities.
CrowdStrike Falcon Insight XDR is an AI-powered endpoint detection and response solution that provides comprehensive protection, visibility, and automated response capabilities.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
SentinelOne Purple AI is an AI-powered security analyst solution that simplifies threat hunting and investigations, empowers analysts, accelerates security operations, and safeguards data.
SentinelOne Purple AI is an AI-powered security analyst solution that simplifies threat hunting and investigations, empowers analysts, accelerates security operations, and safeguards data.
Infinity Platform / Infinity AI is an AI-powered threat intelligence and generative AI service that combines AI-powered threat intelligence with generative AI capabilities for comprehensive threat prevention, automated threat response, and efficient security administration.
Infinity Platform / Infinity AI is an AI-powered threat intelligence and generative AI service that combines AI-powered threat intelligence with generative AI capabilities for comprehensive threat prevention, automated threat response, and efficient security administration.
Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.
Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.
A penetration testing framework for identifying and exploiting vulnerabilities.
A penetration testing framework for identifying and exploiting vulnerabilities.
Provides advanced external threat intelligence to help organizations proactively identify and mitigate potential security threats.
Provides advanced external threat intelligence to help organizations proactively identify and mitigate potential security threats.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
Interactive malware hunting service with live access to the heart of an incident.
Interactive malware hunting service with live access to the heart of an incident.
A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.
A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.
Powerfully simple endpoint security solution that takes down threats without interrupting business.
Powerfully simple endpoint security solution that takes down threats without interrupting business.
An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.
An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
An open-source, drag-and-drop security workflow builder with integrated case management for automating security workflows and tackling alert fatigue.
An open-source, drag-and-drop security workflow builder with integrated case management for automating security workflows and tackling alert fatigue.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
An automated security response system for Google Cloud that processes Security Command Center findings and executes predefined remediation actions like disk snapshots, IAM revocation, and notifications.
An automated security response system for Google Cloud that processes Security Command Center findings and executes predefined remediation actions like disk snapshots, IAM revocation, and notifications.
Modular Threat Hunting Tool & Framework
A high-interaction honeypot solution for detecting and analyzing SMB-based attacks
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A free and open-source OSINT framework for gathering and analyzing data from various sources
A free and open-source OSINT framework for gathering and analyzing data from various sources
Incident response framework focused on remote live forensics
Incident response framework focused on remote live forensics
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.
Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
A repository to aid Windows threat hunters in looking for common artifacts.
A repository to aid Windows threat hunters in looking for common artifacts.
Facilitating exchange of information and knowledge to collectively protect against cyberattacks.
Facilitating exchange of information and knowledge to collectively protect against cyberattacks.
A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.
A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.
A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.
A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.
A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.
A panic button application that triggers coordinated emergency responses across multiple connected security applications and systems.
A panic button application that triggers coordinated emergency responses across multiple connected security applications and systems.
A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.
A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
Automate security incident handling and facilitate real-time activities of incident handlers.
Automate security incident handling and facilitate real-time activities of incident handlers.
An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.
An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.
A Splunk app mapped to MITRE ATT&CK to guide threat hunts.
Threat intelligence and digital risk protection platform
A collection of incident response methodologies for various security incidents, providing easy-to-use operational best practices.
A collection of incident response methodologies for various security incidents, providing easy-to-use operational best practices.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
Collection of malware persistence information and techniques
Collection of malware persistence information and techniques
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A collection of YARA rules for research and hunting purposes.
A collection of YARA rules for research and hunting purposes.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
SCOT is a cybersecurity incident tracking and management platform that enables security operations centers to document, analyze, and coordinate responses to security events through collaborative workflows.
SCOT is a cybersecurity incident tracking and management platform that enables security operations centers to document, analyze, and coordinate responses to security events through collaborative workflows.
Tool for visualizing correspondences between YARA ruleset and samples
Tool for visualizing correspondences between YARA ruleset and samples
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
An intrusion prevention system for SSH that blocks IP addresses after a set number of consecutive failed login attempts.
An intrusion prevention system for SSH that blocks IP addresses after a set number of consecutive failed login attempts.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.
A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.
A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.
A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.
SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.
SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.
Automated collection tool for incident response triage in Windows systems.
Automated collection tool for incident response triage in Windows systems.
Utilizing SIEM, SOAR, and EDR technologies to enhance security operations with a focus on reducing incident response time.
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
A standardized framework for describing and classifying cybersecurity incidents
A standardized framework for describing and classifying cybersecurity incidents
Developing APIs to access memory on industrial control system devices.
Developing APIs to access memory on industrial control system devices.
FortiEDR is an automated endpoint security solution that integrates with the Fortinet Security Fabric and third-party solutions to reduce MTTR and provide real-time breach detection and response.
FortiEDR is an automated endpoint security solution that integrates with the Fortinet Security Fabric and third-party solutions to reduce MTTR and provide real-time breach detection and response.
PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.
PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.
BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.
BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.
Curated datasets for developing and testing detections in SIEM installations.
Curated datasets for developing and testing detections in SIEM installations.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.
n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.
A powerful tool for analyzing and visualizing system activity timelines.
A powerful tool for analyzing and visualizing system activity timelines.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
A framework for improving detection strategies and alert efficacy.
A framework for improving detection strategies and alert efficacy.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.
OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Incident response and case management solution for efficient incident response and management.
Incident response and case management solution for efficient incident response and management.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
A robust and flexible hunt and incident response tool for investigating AzureAD, Azure, and M365 environments.
A robust and flexible hunt and incident response tool for investigating AzureAD, Azure, and M365 environments.
Web-based tool for incident response with easy local installation using Docker.
Web-based tool for incident response with easy local installation using Docker.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
A simple maturity model for enterprise detection and response
A simple maturity model for enterprise detection and response
SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.
SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
A Forensic Framework for Skype with various investigative options.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.
A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.
A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.
A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
A honeypot agent for running honeypots with service and data at threatwar.com.
A honeypot agent for running honeypots with service and data at threatwar.com.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.
A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.
Collection of YARA signatures from recent malware research.
Collection of YARA signatures from recent malware research.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A honeytoken-based tripwire for Microsoft's Active Directory to detect privilege escalation attempts
A honeytoken-based tripwire for Microsoft's Active Directory to detect privilege escalation attempts
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.
A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
Hoarder is a tool to collect and parse windows artifacts.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
Blue-team capture the flag competition for improving cybersecurity skills.
Blue-team capture the flag competition for improving cybersecurity skills.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
Endpoint security platform using Moving Target Defense to prevent cyber attacks and provide adaptive exposure management and threat prevention.
Endpoint security platform using Moving Target Defense to prevent cyber attacks and provide adaptive exposure management and threat prevention.
A content repository for Cortex XSOAR that provides playbooks, automation scripts, and templates for security operations automation and orchestration.
A content repository for Cortex XSOAR that provides playbooks, automation scripts, and templates for security operations automation and orchestration.
A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.
A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.
Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.
Repository of APT-related documents and notes sorted by year.
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
Bitscout is a Bash-based live OS constructor tool for building customizable forensic environments used in remote system triage, malware hunting, and digital forensics investigations.
Bitscout is a Bash-based live OS constructor tool for building customizable forensic environments used in remote system triage, malware hunting, and digital forensics investigations.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
Freely available network IOCs for monitoring and incident response
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
MITRE Caldera™ is an automated adversary emulation platform built on the MITRE ATT&CK framework that supports red team operations and incident response activities through a modular C2 server and plugin architecture.
MITRE Caldera™ is an automated adversary emulation platform built on the MITRE ATT&CK framework that supports red team operations and incident response activities through a modular C2 server and plugin architecture.
Cortex XDR is a comprehensive endpoint security solution that blocks advanced attacks with behavioral threat protection, AI, and cloud-based analysis, and provides complete endpoint security and lightning-fast investigation and response.
Cortex XDR is a comprehensive endpoint security solution that blocks advanced attacks with behavioral threat protection, AI, and cloud-based analysis, and provides complete endpoint security and lightning-fast investigation and response.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A System for Abuse- and Incident Handling with log file analysis capabilities.
Root the Box is a real-time CTF scoring engine that provides a configurable platform for cybersecurity training through gamified wargames and competitions.
Root the Box is a real-time CTF scoring engine that provides a configurable platform for cybersecurity training through gamified wargames and competitions.
A comprehensive guide to incident response and computer forensics, covering the entire lifecycle of incident response and remediation.
A comprehensive guide to incident response and computer forensics, covering the entire lifecycle of incident response and remediation.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
A collaborative and open-source incident response platform for sharing observables among analysts.
A collaborative and open-source incident response platform for sharing observables among analysts.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
Level 400 training to become a Microsoft Sentinel Ninja.
Level 400 training to become a Microsoft Sentinel Ninja.
Visualize and analyze network relationships with AfterGlow
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.
Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
CIRTKit is a DFIR console built on the Viper Framework that integrates various forensic tools and provides modules for packet analysis, memory analysis, and automated incident response workflows.
CIRTKit is a DFIR console built on the Viper Framework that integrates various forensic tools and provides modules for packet analysis, memory analysis, and automated incident response workflows.
Modern digital forensics and incident response platform with comprehensive tools.
Modern digital forensics and incident response platform with comprehensive tools.
eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.
eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.
AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.
Open Source computer forensics platform with modular design for easy automation and scripting.
Open Source computer forensics platform with modular design for easy automation and scripting.
A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.
A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.
A powerful tool for hiding the true location of your Teamserver, evading detection from Incident Response, redirecting users, blocking specific IP addresses, and managing Malleable C2 traffic in Red Team engagements.
A powerful tool for hiding the true location of your Teamserver, evading detection from Incident Response, redirecting users, blocking specific IP addresses, and managing Malleable C2 traffic in Red Team engagements.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
In-depth analysis of real-world attacks and threat tactics
In-depth analysis of real-world attacks and threat tactics
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A community-led project focused on standardizing security event logs.
A community-led project focused on standardizing security event logs.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.
YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
Serverless, real-time data analysis framework for incident detection and response.
Serverless, real-time data analysis framework for incident detection and response.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
A structured approach to managing and responding to suspected security events or incidents.
A structured approach to managing and responding to suspected security events or incidents.
A repository of sample security playbooks with ARM templates for Microsoft Sentinel that enable automated security orchestration and response capabilities.
A repository of sample security playbooks with ARM templates for Microsoft Sentinel that enable automated security orchestration and response capabilities.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
A public incident response process documentation used at PagerDuty
A public incident response process documentation used at PagerDuty
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A container of PCAP captures mapped to the relevant attack tactic
A framework for accumulating, describing, and classifying actionable Incident Response techniques
A framework for accumulating, describing, and classifying actionable Incident Response techniques
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.
Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A multithreaded YARA scanner for incident response or malware zoos.
A multithreaded YARA scanner for incident response or malware zoos.
A simple, self-contained modular host-based IOC scanner for incident responders.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
A Go-based honeypot server for detecting and logging attacker activity
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.
The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.
A comprehensive guide for system administrators to detect and identify potential security threats on Windows 2000 systems.
A comprehensive guide for system administrators to detect and identify potential security threats on Windows 2000 systems.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
Incident Response Documentation tool for tracking findings and tasks.
Incident Response Documentation tool for tracking findings and tasks.
Detailed analysis of the event-stream incident and actions taken by npm Security.
Detailed analysis of the event-stream incident and actions taken by npm Security.
A serverless SOAR framework for AWS GuardDuty that automatically executes configurable response actions based on security findings and threat severity.
A serverless SOAR framework for AWS GuardDuty that automatically executes configurable response actions based on security findings and threat severity.
A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.
A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.
A PHP based web application for managing postmortems with pluggable features.
A PHP based web application for managing postmortems with pluggable features.
Template-based incident response runbooks for AWS environments following NIST guidelines to help organizations handle common cloud security incidents.
Template-based incident response runbooks for AWS environments following NIST guidelines to help organizations handle common cloud security incidents.
A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.
A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.
View physical memory as files in a virtual file system for easy memory analysis and artifact access.
View physical memory as files in a virtual file system for easy memory analysis and artifact access.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
msticpy is a Python library for InfoSec investigation and threat hunting in Jupyter Notebooks, providing data querying, threat intelligence enrichment, analysis capabilities, and interactive visualizations.
msticpy is a Python library for InfoSec investigation and threat hunting in Jupyter Notebooks, providing data querying, threat intelligence enrichment, analysis capabilities, and interactive visualizations.
Get insights into the latest cybersecurity trends and expert advice on enhancing organizational security.
Get insights into the latest cybersecurity trends and expert advice on enhancing organizational security.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
