Alerting and Detection Strategies Framework Logo

Alerting and Detection Strategies Framework

0
Free
Visit Website

This repository provides a public version of the Alerting and Detection Strategy (ADS) framework used by the Incident Response Team at Palantir, offering building blocks for organizations to enhance their detection strategies and improve alert efficacy. The framework aims to address challenges related to the development, implementation, and documentation of alerts, ultimately increasing operational costs for attackers.

FEATURES

ALTERNATIVES

A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.

AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.

Fast suspicious file finder for threat hunting and live forensics.

Detect signed malware and track stolen code-signing certificates using osquery.

A module-based AWS response tool for incident response in AWS environments.

A collaborative and open-source incident response platform for sharing observables among analysts.

A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.

A collection of Cyber Incident Response Playbook Battle Cards (PBC) for combating cyber threats and attacks, following a prescriptive approach inspired by CERT Societe Generale's IRM.