A framework — knowledge base of actionable Incident Response techniques A community-driven collection of Security Incident Response Playbooks A data source of the Atomic Threat Coverage framework The RE&CT Framework is designed for accumulating, describing and classification actionable Incident Response techniques. RE&CT's philosophy is based on the MITRE's ATT&CK framework. The columns represent Response Stages. The cells repsresent Response Actions. (Image generated by RE&CT Navigator) The main use cases: Prioritization of Incident Response capabilities development, including skills development, technical measures acquisition/deployment, internal procedures development, etc Gap analysis — determine "coverage" of existing Incident Response capabilities The main resources: RE&CT Navigator (modified ATT&CK Navigator) for visualization and observing the big picture Automatically generated RE&CT website is the best place for getting details about existing analytics Automatically generated Atlassian Confluence knowledge base - exporting functionality demonstration Actionable Analytics The ATC RE&CT project is
FEATURES
ALTERNATIVES
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
Detailed analysis of the event-stream incident and actions taken by npm Security.
Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.
Companion repository for deploying osquery in a production environment with tailored query packs.
Tool to bypass endpoint solutions blocking known 'malicious' signed applications by obtaining valid signed files with different hashes.
Scumblr is a web application for periodic syncs of data sources and security analysis to streamline proactive security.
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.