Scumblr
Scumblr is a web application for periodic syncs of data sources and security analysis to streamline proactive security.
A modular incident response framework in PowerShell that uses PowerShell Remoting to run user-contributed modules across hosts in an enterprise to collect data for incident response, breach hunts, or building an environmental baseline. Upgrading to PowerShell v3 or later is recommended for optimal performance.
For more information, visit:
- http://trustedsignal.blogspot.com/search/label/Kansa
- http://www.powershellmagazine.com/2014/07/18/kansa-a-powershell-based-incident-response-framework/
To use it, download and unzip the project, then unblock the ps1 files by running: ls -r *.ps1 | Unblock-File. Be sure to check and set your execution policies accordingly.
Incident response and case management solution for efficient incident response and management.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
Templates for incident response run-books tailored for AWS environments based on NIST guidelines.
A project that uses Athena and EventBridge to investigate API activity and notify of actions for incident response and misconfiguration detection.
A Sysmon configuration repository for customizing Microsoft Sysinternals Sysmon configurations with modular setup.