RE&CT Framework

Free

A framework — knowledge base of actionable Incident Response techniques
A community-driven collection of Security Incident Response Playbooks
A data source of the Atomic Threat Coverage framework

The RE&CT Framework is designed for accumulating, describing and classifying actionable Incident Response techniques. RE&CT's philosophy is based on MITRE's ATT&CK framework. The columns represent Response Stages. The cells represent Response Actions. (Image generated by RE&CT Navigator)

The main use cases:
Prioritization of Incident Response capabilities development, including skills development, technical measures acquisition/deployment, internal procedures development, etc.
Gap analysis: determine the "coverage" of existing Incident Response capabilities

The main resources:
RE&CT Navigator (modified ATT&CK Navigator) for visualization and observing the big picture
Automatically generated RE&CT website, the best place for getting details about existing analytics
Automatically generated Atlassian Confluence knowledge base, a demonstration of the exporting functionality

Actionable Analytics

The ATC RE&CT project is

FEATURES

ALTERNATIVES

Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.

Detailed analysis of the event-stream incident and actions taken by npm Security.

Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.

Fast suspicious file finder for threat hunting and live forensics.

Companion repository for deploying osquery in a production environment with tailored query packs.

Tool to bypass endpoint solutions blocking known 'malicious' signed applications by obtaining valid signed files with different hashes.

Scumblr is a web application for periodic syncs of data sources and security analysis to streamline proactive security.

StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.