Incident Response

OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.

A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.

Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.

Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.

Incident response and case management solution for efficient incident response and management.

Repository of scripts, signatures, and IOCs related to various malware analysis topics.

A robust and flexible hunt and incident response tool for investigating AzureAD, Azure, and M365 environments.

Web-based tool for incident response with easy local installation using Docker.

A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.

Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.

An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.

A simple maturity model for enterprise detection and response

SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.

Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.

A Forensic Framework for Skype with various investigative options.

A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.

A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.

A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.

BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.

A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.

A honeypot agent for running honeypots with service and data at threatwar.com.

Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.

A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.

Collection of YARA signatures from recent malware research.