Unix-like Artifacts Collector UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts. It was created to facilitate and speed up data collection, and depend less on remote support during incident response engagements. Documentation • Main Features • Supported Operating Systems • Using UAC • Contributing • Support • License 📘 Documentation Project documentation page: https://tclahr.github.io/uac-docs 🌟 Main Features Run everywhere with no dependencies (no installation required). Customizable and extensible collections and artifacts. Respect the order of volatility during artifact collection. Collect information from processes running without a binary on disk. Hash running processes and executable files. Extract information from files and directories to create a bodyfile (including enhanced file attributes for ext4). Collect user and system configuration files and logs. Collect artifacts from applications. Acquire volatile memory from Linux systems using different methods and tools. 💾 Supported Operating Systems AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Open-source abuse management toolkit for automating and improving the abuse handling process.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.
A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
A comprehensive auditd configuration for Linux systems following best practices.
A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.
Repository of default playbooks and custom functions for Splunk SOAR instances with content migration to Splunk's GitHub.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.