This repository provides a public version of the Alerting and Detection Strategy (ADS) framework used by the Incident Response Team at Palantir, offering building blocks for organizations to enhance their detection strategies and improve alert efficacy. The framework aims to address challenges related to the development, implementation, and documentation of alerts, ultimately increasing operational costs for attackers.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Modular SOAR implementation in Python for security orchestration, automation, and response.
Automatically configure your app to follow OWASP security patterns and principles with Nuxt Security module.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
jimi is an orchestration automation tool for multi-team collaboration and automation in IT/Security operations, Development, and CI/CD pipelines.
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.