FastFinder
Fast suspicious file finder for threat hunting and live forensics.
SIFT is a metadata repository primarily used for discussions and issue tracking. It includes tools like Cast for installation, SaltStack for executing tasks, Packer for building machine images, and package-scripts for building specific packages. Supported distros include Ubuntu 20.04 (Focal) and 22.04 (Jammy). Cast is the replacement for the SIFT CLI, which is officially deprecated as of March 1, 2023. SIFT can be installed using 'sudo cast install teamdfir/sift-saltstack'. Cloud providers like AWS offer headless AMIs for SIFT, with default user 'sansforensics' and account ID 469658012540.
Automate security incident handling and facilitate real-time activities of incident handlers.
Incident Response Documentation tool for tracking findings and tasks.
PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.