sysmon-modular
A Sysmon configuration repository for customizing Microsoft Sysinternals Sysmon configurations with modular setup.
FastFinder is a lightweight tool designed for threat hunting, live forensics, and triage on both Windows and Linux platforms. It focuses on endpoint enumeration and finding suspicious files based on criteria such as file path/name, checksums, string content matches, and YARA rules. It has been tested in real cases across multiple CERT, CSIRT, and SOC use cases, with examples including real malware and vulnerability-scan examples. Compiled releases are available, but compiling from source may be tricky because of the dependencies on go-yara and CGO compilation.
A Serverless Security Orchestration Automation and Response (SOAR) Framework for AWS GuardDuty with various supported actions.
A module-based AWS response tool for incident response in AWS environments.
A PHP based web application for managing postmortems with pluggable features.
Automated tool for scripting complex sequences in cybersecurity frameworks.
Repository of default playbooks and custom functions for Splunk SOAR instances with content migration to Splunk's GitHub.