Incident Response
Explore 282 curated cybersecurity tools, with 15,390 visitors searching for solutions
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
A public incident response process documentation used at PagerDuty
A public incident response process documentation used at PagerDuty
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A container of PCAP captures mapped to the relevant attack tactic
A container of PCAP captures mapped to the relevant attack tactic
A framework for accumulating, describing, and classifying actionable Incident Response techniques
A framework for accumulating, describing, and classifying actionable Incident Response techniques
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.
Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A multithreaded YARA scanner for incident response or malware zoos.
A multithreaded YARA scanner for incident response or malware zoos.
A simple, self-contained modular host-based IOC scanner for incident responders.
A simple, self-contained modular host-based IOC scanner for incident responders.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
A Go-based honeypot server for detecting and logging attacker activity
A Go-based honeypot server for detecting and logging attacker activity
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
