Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.
A framework — knowledge base of actionable Incident Response techniques. A community-driven collection of Security Incident Response Playbooks. A data source of the Atomic Threat Coverage framework.

The RE&CT Framework is designed for accumulating, describing and classifying actionable Incident Response techniques. RE&CT's philosophy is based on MITRE's ATT&CK framework. The columns represent Response Stages; the cells represent Response Actions.

(Image generated by RE&CT Navigator)

The main use cases: prioritization of Incident Response capabilities development, including skills development, technical measures acquisition/deployment, internal procedures development, etc.; gap analysis — determining the "coverage" of existing Incident Response capabilities.

The main resources: the RE&CT Navigator (a modified ATT&CK Navigator) for visualization and observing the big picture; the automatically generated RE&CT website, which is the best place to get details about existing analytics; an automatically generated Atlassian Confluence knowledge base, demonstrating the exporting functionality.

Actionable Analytics: The ATC RE&CT project is
A mature SIEM environment is critical for successful SOAR implementation.
A modular incident response framework in PowerShell that uses PowerShell Remoting to collect data for incident response and breach hunts.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
Scumblr is a web application for periodic syncs of data sources and security analysis to streamline proactive security.
A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.