Incident Response

Visualize and analyze network relationships with AfterGlow

POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.

Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.

A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.

FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.

Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.

A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.

IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.

CIRTKit is a DFIR console built on the Viper Framework that integrates various forensic tools and provides modules for packet analysis, memory analysis, and automated incident response workflows.

Modern digital forensics and incident response platform with comprehensive tools.

eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.

A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.

A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.

Automated DFIR platform for rapid incident investigation and endpoint triage

Open Source computer forensics platform with modular design for easy automation and scripting.

A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.

A powerful tool for hiding the true location of your Teamserver, evading detection from Incident Response, redirecting users, blocking specific IP addresses, and managing Malleable C2 traffic in Red Team engagements.

A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

In-depth analysis of real-world attacks and threat tactics

A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.

Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.

A community-led project focused on standardizing security event logs.

A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling