Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Projects in Awesome Lists tagged with incident-response

A curated list of projects in awesome lists tagged with incident-response.

https://github.com/kubeshark/kubeshark

The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes

amqp cloud-native devops devops-tools docker forensics go golang grpc incident-response kafka kubernetes microservice microservices microservices-application observability redis rest sniffer wireshark

Last synced: 29 Sep 2024

https://github.com/up9inc/mizu

The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes

amqp cloud-native devops devops-tools docker forensics go golang grpc incident-response kafka kubernetes microservice microservices microservices-application observability redis rest sniffer wireshark

Last synced: 30 Jul 2024

https://github.com/upgundecha/howtheysre

A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)

alerting chaos-engineering dev-ops devops hacktoberfest hacktoberfest-accepted incident-management incident-response infrastructure ml-ops monitoring observability on-call post-mortem reliability security site-reliability-engineering software-engineering sre sre-culture

Last synced: 30 Sep 2024

https://github.com/toniblyx/my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

auditing aws-infrastructure aws-inventory aws-lambda cloud cloudtrail dfir iam incident-response security security-tools

Last synced: 30 Sep 2024

https://github.com/OneUptime/oneuptime

OneUptime is the complete open-source observability platform.

devops incident-management incident-response monitoring observability on-call status-page

Last synced: 31 Jul 2024

https://github.com/sleuthkit/sleuthkit

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

forensics incident-response ntfs sleuthkit tct

Last synced: 30 Sep 2024

https://github.com/Yamato-Security/hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

attack cybersecurity detection dfir event forensics hayabusa hunting incident incident-response logs response rust security security-automation sigma threat threat-hunting windows yamato

Last synced: 01 Aug 2024

https://github.com/last-byte/PersistenceSniper

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte

incident-response malware-detection persistence powershell powershell-module powershell-script registry techniques windows

Last synced: 01 Aug 2024

https://github.com/bashfuscator/bashfuscator

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

bash blue-team evasion incident-response infosec linux linux-shell obfuscation red-team

Last synced: 30 Sep 2024

https://github.com/Bashfuscator/Bashfuscator

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

bash blue-team evasion incident-response infosec linux linux-shell obfuscation red-team

Last synced: 04 Aug 2024

https://github.com/monzo/response

Monzo's real-time incident response and reporting tool ⚡️

incident incident-management incident-reports incident-response response slack-bot

Last synced: 01 Oct 2024

https://github.com/austinsonger/incident-playbook

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

catalog contributions-welcome contributors-welcome cybersecurity cybersecurity-playbook incident-management incident-response incidents mitre mitre-attack playbook

Last synced: 30 Sep 2024

https://github.com/austinsonger/Incident-Playbook

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

catalog contributions-welcome contributors-welcome cybersecurity cybersecurity-playbook incident-management incident-response incidents mitre mitre-attack playbook

Last synced: 01 Aug 2024

https://github.com/yampelo/beagle

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

dfir digital-forensics forensic-analysis graph incident-response security threat-hunting

Last synced: 30 Sep 2024

https://github.com/nitefood/asn

ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server

api as-path asn asn-lookup autonomous-systems bash bgp fingerprinting geolocation incident-response ip-lookup ip-reputation mtr osint recon rpki shodan team-cymru traceroute whois

Last synced: 01 Aug 2024

https://github.com/ahmedkhlief/apt-hunter

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset, that detects APT movements hidden in the sea of Windows event logs to decrease the time needed to uncover suspicious activity.

apt-attacks forensic-analysis incident-response purpleteam python3 threat-hunting windows-event-logs windows-eventlog

Last synced: 30 Sep 2024

https://github.com/ahmedkhlief/APT-Hunter

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset, that detects APT movements hidden in the sea of Windows event logs to decrease the time needed to uncover suspicious activity.

apt-attacks forensic-analysis incident-response purpleteam python3 threat-hunting windows-event-logs windows-eventlog

Last synced: 04 Aug 2024

https://github.com/pagerduty/incident-response-docs

PagerDuty's Incident Response Documentation.

documentation incident-response oncall pagerduty team-security

Last synced: 30 Sep 2024

https://github.com/PagerDuty/incident-response-docs

PagerDuty's Incident Response Documentation.

documentation incident-response oncall pagerduty team-security

Last synced: 01 Aug 2024

https://github.com/mdecrevoisier/Microsoft-eventlog-mindmap

Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...

active-directory azure evtx exchange incident-response mindmap windows

Last synced: 03 Aug 2024

https://github.com/certtools/intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

alerts automation cert csirt cybersecurity feeds handling ihap incident incident-response intelligence ioc malware phishing python threat

Last synced: 01 Aug 2024

https://github.com/A3sal0n/CyberThreatHunting

A collection of resources for Threat Hunters

cybersecurity dfir incident-response threat-hunting threat-intelligence

Last synced: 31 Jul 2024

https://github.com/a3sal0n/cyberthreathunting

A collection of resources for Threat Hunters

cybersecurity dfir incident-response threat-hunting threat-intelligence

Last synced: 03 Aug 2024

https://github.com/palantir/osquery-configuration

A repository for using osquery for incident detection and response

detection incident-response information-security octo-correct-managed osquery

Last synced: 31 Jul 2024

https://github.com/cyb3rfox/Aurora-Incident-Response

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

incident-management incident-response incident-response-tooling

Last synced: 04 Aug 2024

https://github.com/drew-alleman/datasurgeon

Quickly extracts IPs, email addresses, hashes, files, credit cards, Social Security numbers and a lot more from text.

bug-bounty ctf-tools cybersecurity email file-search hacking incident-response infosec ip-address osint pentesting recon reconnaissance regex rust rust-lang search search-tools security-tools windows

Last synced: 28 Sep 2024

https://github.com/Drew-Alleman/DataSurgeon

Quickly extracts IPs, email addresses, hashes, files, credit cards, Social Security numbers and a lot more from text.

bug-bounty ctf-tools cybersecurity email file-search hacking incident-response infosec ip-address osint pentesting recon reconnaissance regex rust rust-lang search search-tools security-tools windows

Last synced: 06 Aug 2024

https://github.com/DFIRKuiper/Kuiper

Digital Forensics Investigation Platform

artifacts dfir digital-forensics incident-response parser security

Last synced: 01 Aug 2024

https://github.com/tclahr/uac

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

aix android computer-forensics dfir esxi forensics freebsd incident-response linux live-response macos netbsd netscaler openbsd script security shell solaris terminal triage

Last synced: 26 Sep 2024

https://github.com/counteractive/incident-response-plan-template

A concise, directive, specific, flexible, and free incident response plan template

cybersecurity incident incident-management incident-response information-security infosec

Last synced: 01 Aug 2024

https://github.com/comaeio/opcde

OPCDE Cybersecurity Conference Materials

cybersecurity incident-response information-security vulnerability

Last synced: 06 Aug 2024

https://github.com/atc-project/atc-react

A knowledge base of actionable Incident Response techniques

amitt dfir incident-response mitre-attack response-playbooks thehive

Last synced: 04 Aug 2024

https://atc-project.github.io/atc-react/

A knowledge base of actionable Incident Response techniques

amitt dfir incident-response mitre-attack response-playbooks thehive

Last synced: 01 Aug 2024

https://github.com/msuiche/OPCDE

OPCDE Cybersecurity Conference Materials

cybersecurity incident-response information-security vulnerability

Last synced: 01 Aug 2024

https://github.com/securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

automation cyber cyber-security dfir dfir-automation digital-forensic incident-response infosec ir mdr powershell reporting security soc tools

Last synced: 01 Aug 2024

https://github.com/Johnng007/Live-Forensicator

A suite of tools to aid Incident Response and Live Forensics for Windows (PowerShell) | Linux (Bash) | macOS (Shell)

bash eventlog-analysis eventlogs forensicator forensics forensics-investigations incident-response linux linux-shell live-forensic log4j macos powershell ransomeware

Last synced: 04 Aug 2024

https://github.com/dfirtrack/dfirtrack

DFIRTrack - The Incident Response Tracking Application

dfir digital-forensics incident-management incident-response incident-response-tooling

Last synced: 02 Aug 2024

https://github.com/chenerlich/FCL

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

command-line fcl file-less incident-response malware malware-analysis malware-detection threat-hunting

Last synced: 01 Aug 2024

https://github.com/diogo-fernan/ir-rescue

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

bash batch cybersecurity dfir forensics incident-response malware nirsoft sysinternals unix windows

Last synced: 01 Aug 2024

https://github.com/incidentalhq/incidental

An opensource incident management platform integrating with Slack.

incident incident-management incident-response open-source python3 react

Last synced: 01 Aug 2024

https://github.com/Bert-JanP/Incident-Response-Powershell

PowerShell Digital Forensics & Incident Response Scripts.

forensics-tools incident-response powershell

Last synced: 01 Aug 2024

https://github.com/LearningKijo/KQL

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

edr incident-response kql kusto threat-hunting xdr

Last synced: 01 Aug 2024

https://github.com/evild3ad/MemProcFS-Analyzer

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

dfir digital-forensics incident-response live-response memory-forensics memprocfs powershell

Last synced: 01 Aug 2024

https://github.com/AzureAD/Azure-AD-Incident-Response-PowerShell-Module

The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.

azuread incident-response powershell powershell-module

Last synced: 01 Aug 2024

https://github.com/vm32/Linux-Incident-Response

A practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response.

digital-forensics digital-forensics-incident-response incident-response ir linux

Last synced: 01 Aug 2024

https://github.com/op7ic/EDR-Testing-Script

Test the accuracy of Endpoint Detection and Response (EDR) software with a simple script that executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads.

att edr edr-solutions incident-response mitre security security-audit

Last synced: 01 Aug 2024

https://github.com/SecurityBrewery/catalyst

Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes

dfir digital-forensics incident-response soar

Last synced: 17 Sep 2024

https://github.com/netevert/pockint

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

dfir incident-response incident-response-tooling infosec infosec-19 osint osint-professionals osint-python osinttool portable python python3 tkinter-gui tkinter-python

Last synced: 02 Aug 2024

https://github.com/redaelli/imago-forensics

Imago is a Python tool that extracts digital evidence from images.

dfir forensics-investigations image-analysis incident-response python

Last synced: 02 Aug 2024

https://github.com/BSI-Bund/RdpCacheStitcher

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

cybersecurity dfir digitalforensics forensics incident-response incident-response-tooling rdp security

Last synced: 01 Aug 2024

https://github.com/WithSecureLabs/LinuxCatScale

Incident Response collection and processing scripts with automated reporting scripts

collection countercept incident-response linux triage

Last synced: 04 Aug 2024

https://github.com/merlinn-co/merlinn

Open source AI on-call developer 🧙‍♂️ Get relevant context & root cause analysis in seconds about production incidents and make on-call engineers 10x better 🏎️

aiops alerts chatops-ai devtools in incident incident-response incident-response-tooling llm llm-agent metrics monitoring observability oncall oncall-engineers site-reliability-engineering sre traces

Last synced: 01 Aug 2024

https://github.com/codeyourweb/fastfinder

Incident Response - Fast suspicious file finder

dfir incident-response investigation threat-hunting

Last synced: 01 Aug 2024

https://github.com/utmstack/UTMStack

Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

compliance correlation edr incident-response log-management siem threat-intelligence threat-management utmstack xdr

Last synced: 02 Aug 2024

https://github.com/mvelazc0/Oriana

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

dfir incident-response threat-hunting

Last synced: 31 Jul 2024

https://github.com/center-for-threat-informed-defense/cti-blueprints

CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports more consistently and efficiently.

ctid cyber-threat-intelligence cybersecurity incident-response malware-analysis mitre-attack threat-actors threat-informed-defense

Last synced: 01 Aug 2024

https://github.com/bb1nfosec/Information-Security-Tasks

This repository is created for infosec professionals who work day to day to keep their skill set up to date. We can each contribute one hour daily to day-to-day tasks and work on problem statements. Please contribute by providing problem statements and solutions.

auditing blueteam compliance forensics incident-response information-security malware-analysis osint pentesting redteam steganography

Last synced: 01 Aug 2024

https://github.com/cgosec/Blauhaunt

A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go) in security incidents and threat hunts.

analysis cyber-crime dfir forensics graph incident-response investigation security velociraptor

Last synced: 03 Aug 2024

https://github.com/santosomar/who_and_what_to_follow

Who and what to follow in the world of cyber security

cyber-security cybersecurity incident-response malware network news security

Last synced: 03 Aug 2024

https://github.com/jfarley248/MEAT

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

dfir ediscovery forensics incident-response ios

Last synced: 02 Aug 2024

https://github.com/CityBaseInc/SIAC

SIAC is an enterprise SIEM built on open-source technology.

aws compliance elk fim incident-response intrusion-detection osquery pci-dss secdevops security siem wazuh

Last synced: 01 Aug 2024

https://github.com/Yara-Rules/yara-endpoint

Yara-Endpoint is a tool useful for incident response as well as an anti-malware endpoint based on Yara signatures.

anti-malware endpoint incident-response yara

Last synced: 02 Aug 2024

https://github.com/echoboomer/incident-bot

The Open Source Incident Management Framework

devops docker incident-management incident-response python3 react slack slack-bot

Last synced: 04 Aug 2024