IRIS-SOAR
0 (0)
Modular SOAR implementation in Python for security orchestration, automation, and response.
CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CimSweep may also be used to engage in offensive reconnaissance without the need to drop any payload to disk. Windows Management Instrumentation has been installed and its respective service running by default since Windows XP and Windows 2000 and is fully supported in the latest versions of Windows including Windows 10, Nano Server, and Server 2016. Background Agent-based defensive tools are extremely powerful but they also require deployment of the agent to each system. While agent-based solutions absolutely have a place in our industry, they tend to be very expensive and can be easily detected/thwarted by determined attackers. CimSweep enables the acquisition of time-sensitive data at scale all without needing to deploy an agent. It is called CimSweep based upon the fact that it utilizes the extremely powerful CIM cmdlets in PowerShell. CIM cmdlets support the WSMan protocol by default but it may also fall back to using DCOM on systems that either cannot support or do not have the Windows Remote Management
Modular SOAR implementation in Python for security orchestration, automation, and response.
A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.
A framework for improving detection strategies and alert efficacy.
Datadog offers a comprehensive suite of cybersecurity tools for various aspects of application and infrastructure monitoring.
Sample security playbooks for security automation, orchestration and response (SOAR) using Microsoft Sentinel trigger
CrowdStrike Charlotte AI is a conversational AI assistant that accelerates security operations by automating tasks and providing faster intelligence through generative AI capabilities.
