A DFIR Playbook Spec based on YAML for collaborative incident response processes.
Developing: 100% of the development for this is done using a Makefile and Docker. Get started by running make test to verify that all the unit tests work on your machine.

To Do:
Generate presigned URLs to evidence loaded to S3.
Reduce scope of IAM roles further for steps in the step-function.
Improve integration test coverage.
Improve unit test coverage.

References:
Jicowan original work on SSM Agent in Fargate
Link to SEC318 - Coming Soon
Slides from SEC318 - Coming Soon
A Serverless Security Orchestration Automation and Response (SOAR) Framework for AWS GuardDuty with various supported actions.
Incident response platform for automating alert handling and incident response procedures.
Tool to disable vulnerable features in Windows and popular applications for enhanced security.
CrowdStrike Charlotte AI is a conversational AI assistant that accelerates security operations by automating tasks and providing faster intelligence through generative AI capabilities.
A custom activity repository for Ayehu NG automation platform, allowing users to create and modify activities to fit their specific needs.