Tools for security operations including incident response, threat hunting and SOC automation
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
A Serverless Security Orchestration Automation and Response (SOAR) Framework for AWS GuardDuty with various supported actions.
A human risk management platform that identifies, assesses, and mitigates security risks associated with employee behavior through monitoring, targeted interventions, and comprehensive reporting.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
A mature SIEM environment is critical for successful SOAR implementation.
Automate security incident handling and facilitate real-time activities of incident handlers.
Malware allows attackers to execute Windows commands from a remote environment
Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.
A comprehensive auditd configuration for Linux systems following best practices.
A collection of Cyber Incident Response Playbook Battle Cards (PBC) for combating cyber threats and attacks, following a prescriptive approach inspired by CERT Societe Generale's IRM.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
Python command line utility for incident response in AWS
Detect signed malware and track stolen code-signing certificates using osquery.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
Shuffle is a platform for automating security workflows with confidence, offering templates, collaboration tools, and a large app library.
Incident response platform for automating alert handling and incident response procedures.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
A project that uses Athena and EventBridge to investigate API activity and notify of actions for incident response and misconfiguration detection.
Malware allows attackers to execute Windows commands from a remote environment
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
An automation platform with community support and documentation for easy development.
Receive important notifications and updates related to North American electric grid security.
Incident response framework focused on remote live forensics
