Incident Response
Browse 1,610 incident response tools
FEATURED
YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.
YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
Serverless, real-time data analysis framework for incident detection and response.
Serverless, real-time data analysis framework for incident detection and response.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
A structured approach to managing and responding to suspected security events or incidents.
A structured approach to managing and responding to suspected security events or incidents.
A repository of sample security playbooks with ARM templates for Microsoft Sentinel that enable automated security orchestration and response capabilities.
A repository of sample security playbooks with ARM templates for Microsoft Sentinel that enable automated security orchestration and response capabilities.
Open-source observable analysis engine and companion tool for TheHive platform
Open-source observable analysis engine and companion tool for TheHive platform
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
A public incident response process documentation used at PagerDuty
A public incident response process documentation used at PagerDuty
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A container of PCAP captures mapped to the relevant attack tactic
A container of PCAP captures mapped to the relevant attack tactic
A framework for accumulating, describing, and classifying actionable Incident Response techniques
A framework for accumulating, describing, and classifying actionable Incident Response techniques
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.
Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A multithreaded YARA scanner for incident response or malware zoos.
A multithreaded YARA scanner for incident response or malware zoos.
