Unix-like Artifacts Collector UAC Logo

Unix-like Artifacts Collector UAC

0
Free
Visit Website

Unix-like Artifacts Collector UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts. It was created to facilitate and speed up data collection, and depend less on remote support during incident response engagements. Documentation • Main Features • Supported Operating Systems • Using UAC • Contributing • Support • License 📘 Documentation Project documentation page: https://tclahr.github.io/uac-docs 🌟 Main Features Run everywhere with no dependencies (no installation required). Customizable and extensible collections and artifacts. Respect the order of volatility during artifact collection. Collect information from processes running without a binary on disk. Hash running processes and executable files. Extract information from files and directories to create a bodyfile (including enhanced file attributes for ext4). Collect user and system configuration files and logs. Collect artifacts from applications. Acquire volatile memory from Linux systems using different methods and tools. 💾 Supported Operating Systems AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

FEATURES

ALTERNATIVES

CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.

A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.

A DevSecOps command line asset inventory tool

Automate security incident handling and facilitate real-time activities of incident handlers.

A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.

An automation platform with community support and documentation for easy development.

Companion repository for deploying osquery in a production environment with tailored query packs.

A collection of AWS security architectures for various security operations.

PINNED