Top 114 incident-response open source projects

Watcher
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Ir Rescue
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Apt Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs and reduces the time needed to uncover suspicious activity.
Kuiper
Digital Forensics Investigation Platform
Threatpinchlookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
InfosecHouse
Infosec resource center for offensive and defensive security operations.
bits parser
Extract BITS jobs from QMGR queue and store them as CSV records
SyntheticSun
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.
aws-customer-playbook-framework
This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.
fastfinder
Incident Response - Fast suspicious file finder
catalyst
Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
incident-response-plan-template
A concise, directive, specific, flexible, and free incident response plan template
compliance
Legal, procedural and policies document templates for operating an IRT
awesome-incident-response-pro-bono
This repository is a curated list of pro bono incident response entities.
Simple-Live-Data-Collection
Simple Live Data Collection Tool
MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Evilize
Parses Windows event logs files based on SANS Poster
PSTrace
Trace ScriptBlock execution for PowerShell v2
LinuxCatScale
Incident Response collection and processing scripts with automated reporting scripts
Docker-Templates
Docker configurations for TheHive, Cortex and 3rd party tools
uac
UAC is a live response collection script for incident response that uses native binaries and tools to automate the collection of artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems.
CDIR
CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on open source tools and libraries
PowerGRR
PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
INDXRipper
Carve file metadata from NTFS index ($I30) attributes
MEAT
This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
RdpCacheStitcher
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
macOS-ir
Prototype to collect data and analyse it from a compromised macOS device.
yara-exporter
Exports MISP event attributes to YARA rules usable with the THOR APT scanner
pyarascanner
A simple many-rules to many-files YARA scanner for incident response or malware zoos.
PowerSponse
PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
CCXDigger
The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
assisted-log-enabler-for-aws
Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.
evtx-hunter
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.