SecurityBrewery / catalyst

License: AGPL-3.0
Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

Programming Languages

go
31211 projects - #10 most used programming language
typescript
32286 projects
javascript
184084 projects - #8 most used programming language
Vue
7211 projects
ANTLR
299 projects
shell
77523 projects

Projects that are alternatives of or similar to catalyst

Kuiper
Digital Forensics Investigation Platform
Stars: ✭ 257 (+182.42%)
Mutual labels:  incident-response, dfir, digital-forensics
INDXRipper
Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-64.84%)
Mutual labels:  incident-response, dfir, digital-forensics
Cortex Analyzers
Cortex Analyzers Repository
Stars: ✭ 246 (+170.33%)
Mutual labels:  incident-response, dfir, digital-forensics
Thehive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+2427.47%)
Mutual labels:  incident-response, dfir, digital-forensics
Beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+972.53%)
Mutual labels:  incident-response, dfir, digital-forensics
Thehivedocs
Documentation of TheHive
Stars: ✭ 353 (+287.91%)
Mutual labels:  incident-response, dfir, digital-forensics
Dfirtrack
DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+154.95%)
Mutual labels:  incident-response, dfir, digital-forensics
Cortex
Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+642.86%)
Mutual labels:  incident-response, dfir, digital-forensics
Thehive4py
Python API Client for TheHive
Stars: ✭ 143 (+57.14%)
Mutual labels:  incident-response, dfir, digital-forensics
MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (-2.2%)
Mutual labels:  incident-response, dfir, digital-forensics
CCXDigger
The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-50.55%)
Mutual labels:  incident-response, dfir
Packrat
Live system forensic collector
Stars: ✭ 16 (-82.42%)
Mutual labels:  incident-response, dfir
RdpCacheStitcher
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+93.41%)
Mutual labels:  incident-response, dfir
pyarascanner
A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-74.73%)
Mutual labels:  incident-response, dfir
Vast
🔮 Visibility Across Space and Time
Stars: ✭ 227 (+149.45%)
Mutual labels:  incident-response, dfir
MEAT
This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+10.99%)
Mutual labels:  incident-response, dfir
Atc React
A knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+148.35%)
Mutual labels:  incident-response, dfir
ThePhish
ThePhish: an automated phishing email analysis tool
Stars: ✭ 676 (+642.86%)
Mutual labels:  incident-response, digital-forensics
MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+146.15%)
Mutual labels:  incident-response, dfir
GDPatrol
A Lambda-powered Security Orchestration framework for AWS GuardDuty
Stars: ✭ 50 (-45.05%)
Mutual labels:  incident-response, soar

Speed up your reactions

Website - The Catalyst Handbook (Documentation) - Try online

Twitter - Discord

Catalyst is an incident response platform or SOAR (Security Orchestration, Automation and Response) system. It can help you to automate your alert handling and incident response procedures.

Features

Ticket (Alert & Incident) Management

Screenshot of a ticket

Tickets are the core of Catalyst. They represent alerts, incidents, forensics investigations, threat hunts or any other event you want to handle in your organisation.

Ticket Templates

Templates define the custom information for tickets. The core ticket information (title, creation date, closing status) is kept minimal; other information such as criticality, description or MITRE ATT&CK data can be added individually per template.

Conditional Custom Fields

Custom fields can depend on each other. For example, if you choose "malware" as the incident type, a custom field asks you to define it further as ransomware, worm, etc., whereas a "phishing" incident would ask for the number of mails received in that campaign.

Playbooks

Screenshot of the playbook part of a ticket

Playbooks represent processes that can be attached to tickets. Playbooks can contain manual and automated tasks. Complex workflows with different workflow branches, parallel tasks and task dependencies can be modeled.

Automations

Automations are scripts that automate tasks or enrich artifacts. Automations are run in their own Docker containers. This enables them to be created in different scripting languages and run securely in their own environment.

Users

Catalyst has two different types of users: normal users, who access the platform via OIDC authentication, and API keys for external scripts. A fine-grained access model is available for both types and allows defining the permitted actions for each user.

License

Copyright (c) 2021-present Jonas Plum

Portions of this software are licensed as follows:

  • All third party components incorporated into Catalyst are licensed under the original license provided by the owner of the applicable component. Those files contain a license notice on top of the file and are listed in the NOTICE file.
  • Content outside the above-mentioned files is available under the GNU Affero General Public License v3.0.