Browse 1,610 incident response tools
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A collection of YARA rules for research and hunting purposes.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
SCOT is a cybersecurity incident tracking and management platform that enables security operations centers to document, analyze, and coordinate responses to security events through collaborative workflows.
A tool for visualizing the correspondences between a YARA ruleset and a set of samples.
A SOAR platform for orchestrating security products and automating SOC workflows.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
An intrusion prevention system for SSH that blocks IP addresses after a set number of consecutive failed login attempts.
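The mechanism behind that kind of SSH blocker is a per-source counter of consecutive failed logins that resets on success and triggers a firewall rule once it crosses a threshold. The script below is an added illustration of that logic, not the code of any tool listed on this page; the sshd log lines, the `max_failures` threshold and the `iptables` rule format it emits are constructed assumptions for the example.

```python
"""Fail2ban-style consecutive-failure tracker for OpenSSH auth logs.

Added example, not the code of any tool on this page. Counts consecutive
"Failed password" events per source IP, resets the streak on an "Accepted"
login, and reports IPs that reach the threshold. Log lines are constructed.
"""
import re
from collections import defaultdict

# OpenSSH auth message patterns; the syslog prefix is skipped by re.search.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"Accepted (?:password|publickey) for (\S+) from (\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed sample: one brute-forcer, one user who mistypes then succeeds.
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  1 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 51023 ssh2
Mar  1 10:00:05 host sshd[1003]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar  1 10:00:06 host sshd[1004]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  1 10:00:07 host sshd[1005]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
Mar  1 10:00:08 host sshd[1006]: Failed password for alice from 198.51.100.7 port 40003 ssh2
Mar  1 10:00:09 host sshd[1007]: Failed password for alice from 198.51.100.7 port 40004 ssh2
Mar  1 10:00:10 host sshd[1008]: Accepted password for bob from 192.0.2.9 port 33000 ssh2
"""


def find_bannable_ips(log_text, max_failures=3):
    """Return {ip: streak_length} for every IP whose consecutive failures
    reached max_failures. A successful login from the IP resets its streak,
    so a user who mistypes once and then authenticates is not banned."""
    streak = defaultdict(int)
    banned = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            ip = m.group(2)
            streak[ip] += 1
            if streak[ip] >= max_failures and ip not in banned:
                banned[ip] = streak[ip]
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            streak[m.group(2)] = 0  # success ends the failure streak
    return banned


def ban_commands(banned, chain="INPUT"):
    """Render one iptables DROP rule per banned IP (assumed rule format)."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in sorted(banned)]


if __name__ == "__main__":
    hits = find_bannable_ips(SAMPLE_LOG)
    for ip, n in hits.items():
        print(f"{ip}: {n} consecutive failures")
    for cmd in ban_commands(hits):
        print(cmd)
```

Running it on the constructed log bans only 203.0.113.5; 198.51.100.7 never reaches three failures in a row because the successful publickey login resets its counter. A production blocker adds two things this sketch omits: a time window so that slow, spread-out failures still count, and an expiry so bans are lifted, plus an allow-list for management addresses so a mistyped password cannot lock out the operator.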
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.
A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.
SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.
Automated collection tool for incident response triage in Windows systems.
Utilizing SIEM, SOAR, and EDR technologies to enhance security operations with a focus on reducing incident response time.
A digital investigation platform for parsing, searching, and visualizing evidence with advanced analytics capabilities.
A standardized framework for describing and classifying cybersecurity incidents.
Developing APIs to access memory on industrial control system devices.
PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.
BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.
Curated datasets for developing and testing detections in SIEM installations.