CORTEX XSOAR
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
A Sysmon configuration repository for everybody to customise. This is a Microsoft Sysinternals Sysmon configuration repository, set up modular for easier maintenance and generation of specific configs. Please keep in mind that any of these configurations should be considered a starting point, tuning per environment is strongly recommended. Note: to get even more value out of the FileExecutable event, consider getting the most up to date version of the LOLdrivers config merged into the config as well. You can easily do that by grabbing the file and adding it in the 29_file_execute_detected folder and generate a new config. The sysmonconfig.xml within the repo is automatically generated after a successful merge by the PowerShell script and a successful load by Sysmon in an Azure Pipeline run. More info on how to generate a custom config, incorporating your own modules here. Pre-Generated configurations: Type: Config: Description: default: sysmonconfig.xml: This is the balanced configuration, most used, more information here. default+: sysmonconfig-with-filedelete.xml: This is the balanced configuration, most used, more information including FileDelete file saves.
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
WALKOFF is an automation framework for integrating capabilities and devices to streamline tasks.
Scalable, cost-effective application recovery to AWS.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.