Security Operations

A

Free

Security Operations

AbuseIO

StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.

A

Free

Security Operations

Admyral

Sample security playbooks for security automation, orchestration and response (SOAR) using Microsoft Sentinel trigger

AF

Free

Security Operations

AIL Framework

A project that uses Athena and EventBridge to investigate API activity and notify of actions for incident response and misconfiguration detection.

AA

Free

Security Operations

Alerting and Detection Strategies Framework

Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.

A

Free

Security Operations

Anvilogic

AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.

A

Free

Security Operations

Anomali

A collection of incident response methodologies for various security incidents, providing easy-to-use operational best practices.

AC

Free

Security Operations

Auditd Configuration Best Practices

A DFIR console integrating various cybersecurity tools and frameworks for efficient incident response.

A

Free

Security Operations

AutoTTP

Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.

AA

Free

Security Operations

AWS Auto Remediate

A public incident response process documentation used at PagerDuty

AC

Free

Security Operations

AWS Config Rules Repository

A remediation orchestration platform that consolidates security alerts, automates triage, and streamlines the remediation process across hybrid environments.

AE

Free

Security Operations

AWS Elastic Disaster Recovery

A data curation platform that automates security data collection, transformation and routing while reducing data volume and infrastructure costs.

A

Free

Security Operations

aws-fast-fixes

Scalable, cost-effective application recovery to AWS.

AI

Free

Security Operations

Aurora Incident Response

A proof of concept for using the SSM Agent in Fargate for incident response

AI

Free

Security Operations

AWS IR

Detect signed malware and track stolen code-signing certificates using osquery.

AI

Free

Security Operations

AWS Incident Response Kit (AIRK)

DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.

AI

Free

Security Operations

AWS Incident Response Runbook Samples

A defense-in-depth security automation and monitoring framework utilizing threat intelligence, machine learning, and serverless technologies.

AI

Free

Security Operations

AWS Incident Response Investigation of API activity using Athena and notification of actions using EventBridge

An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.

AS

Free

Security Operations

AWS Security Automation

A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.

AS

Free

Security Operations

AWS Security Architectures

A Serverless Security Orchestration Automation and Response (SOAR) Framework for AWS GuardDuty with various supported actions.

A

Free

Security Operations

AxoFlow

CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.

B

Free

Security Operations

Beagle

Fast suspicious file finder for threat hunting and live forensics.

C

Free

Security Operations

Catalyst

Repository of playbooks, scripts, and templates for automating and orchestrating Security Operations.

C

Free

Security Operations

CBRX

StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.

C

Free

Security Operations

CimSweep

A collection of Cyber Incident Response Playbook Battle Cards (PBC) for combating cyber threats and attacks, following a prescriptive approach inspired by CERT Societe Generale's IRM.