Kansa

Free

A modular incident response framework in PowerShell that uses PowerShell Remoting to run user-contributed modules across hosts in an enterprise to collect data for incident response, breach hunts, or building an environmental baseline. Upgrading to PowerShell v3 or later is recommended for optimal performance.

For more information, visit:
- http://trustedsignal.blogspot.com/search/label/Kansa
- http://www.powershellmagazine.com/2014/07/18/kansa-a-powershell-based-incident-response-framework/

To use it, download and unzip the project, then unblock the ps1 files by running:

ls -r *.ps1 | Unblock-File

Check your execution policies and set them accordingly.

ALTERNATIVES

Fast suspicious file finder for threat hunting and live forensics.

AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.

Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.

DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.

Incident response and case management solution for efficient incident response and management.

An AI-powered SOC automation platform that performs autonomous alert triage, investigation, and incident response while augmenting human analyst capabilities.

An open-source SOAR tool for automating threat and incident response workflows using CACAO security playbooks.

A project that uses Athena and EventBridge to investigate API activity and notify of actions for incident response and misconfiguration detection.