9 tools and resources
A python module for orchestrating content acquisitions and analysis via Amazon SSM.
A module for loading Bro logs as tables in Osquery
A collection of tools and resources for threat hunters.
Open-source tool for monitoring macOS hosts with detailed system activity insights.
Companion repository for deploying osquery in a production environment with tailored query packs.
Threat hunter based on osquery and Salt Open, querying open network sockets against threat intelligence sources.
Doorman is an osquery fleet manager that allows administrators to remotely manage the osquery configurations retrieved by nodes.
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
Detect signed malware and track stolen code-signing certificates using osquery.