PowerGRR
PowerGRR is a PowerShell module for the GRR API, allowing automation and scripting for incident response and remote live forensics.
With the emergence of SOAR technologies, a mature SIEM environment is crucial for effectively connecting alerts to automated playbooks, requiring a thorough review of use cases and a mature Use Case Lifecycle Management and Use Case Framework.
A module-based AWS response tool for incident response in AWS environments.
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.
A project that uses Athena and EventBridge to investigate API activity and notify of actions for incident response and misconfiguration detection.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.