DFIRTrack
DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open source web application mainly based on Django using a PostgreSQL database back end. In contrast to other great incident response tools, which are mainly case-based and support the work of CERTs, SOCs etc. in their daily business, DFIRTrack is focused on handling one or more major incidents with a lot of affected systems as it is often observed in APT cases. It is meant to be used as a tool for dedicated incident response teams in large cases. So, of course, CERTs and SOCs may use DFIRTrack as well, but they may feel it will be more appropriate in special cases instead of every day work. In contrast to case-based applications, DFIRTrack rather works in a system-based fashion. It keeps track of the status of various systems and the tasks and forensic artifacts associated with them, keeping the analyst well-informed about the status and number of affected systems at any time during the investigation phase up to the remediation phase of the incident response process. The main entities for incident tracking are: systems, artifacts, tasks, cases, tags, notes, and report items. One focus is the fast and r
FEATURES
ALTERNATIVES
Malware allows attackers to execute Windows commands from a remote environment
CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.
Tool to bypass endpoint solutions blocking known 'malicious' signed applications by obtaining valid signed files with different hashes.
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
An open-source SOAR tool for automating threat and incident response workflows using CACAO security playbooks.
A project that uses Athena and EventBridge to investigate API activity and notify of actions for incident response and misconfiguration detection.
A module-based AWS response tool for incident response in AWS environments.
Repository of default playbooks and custom functions for Splunk SOAR instances with content migration to Splunk's GitHub.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.