IRIS is a collaborative web platform designed to help incident responders share technical details during investigations. It consists of two main parts: IrisWeb, the core web application that manages the interface and database, and IrisModules, extensions that allow third parties to process data (e.g., enrich IOCs with MISP and VT, upload EVTX into Splunk). IRIS can function without modules, but default ones are preinstalled, and additional modules can be configured in the UI under Manage > Modules. The system ships as Docker containers for easy installation and upgrades using Docker Compose.
ALTERNATIVES
Companion repository for deploying osquery in a production environment with tailored query packs.
Modular SOAR implementation in Python for security orchestration, automation, and response.
npm security team foils plot to steal $13 million in cryptocurrency
Detect signed malware and track stolen code-signing certificates using osquery.
Wazuh is an open-source security platform offering unified XDR and SIEM protection for endpoints and cloud workloads, integrating various security functions into a single architecture.
A DFIR Playbook Spec based on YAML for collaborative incident response processes.
A collection of Cyber Incident Response Playbook Battle Cards (PBC) for combating cyber threats and attacks, following a prescriptive approach inspired by CERT Societe Generale's IRM.
A collection of AWS security architectures for various security operations.