203 Open source projects that are alternatives of or similar to osint_to_timesketch

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Bringing you the best of the worst files on the Internet.

Your Everyday Threat Intelligence

Defanged Indicator of Compromise (IOC) Extractor.

Extract and aggregate threat intelligence.

VirusTotal Wanna Be - Now with 100% more Hipster

Deploy and maintain Symon through the Splunk Deployment Sever

Carve file metadata from NTFS index ($I30) attributes

Live system forensic collector

Timeline of Active Directory changes with replication metadata

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

You didn't think I'd go and leave the blue team out, right?

🔮 Visibility Across Space and Time

Hashes of infamous malware

Minimalistic DNS logging tool

Standard-Format Threat Intelligence Feeds

Scan suspicious applications with over 60 different anti-viruses with a mere two clicks and five seconds!

A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

The FASTEST way to consume threat intel.

Cortex Analyzers Repository

Docker configurations for TheHive, Cortex and 3rd party tools

A knowledge base of actionable Incident Response techniques

Tracking APT IOCs

Test Blue Team detections without running any attack.

Forensics artefact collection tool for systems running Microsoft Windows

Analyst Unknown Cyber Range - a micro web service framework

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Python script to decode common encoded PowerShell scripts

Documentation for Zeek

Defund the Police.

Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

This is a python tool aiming to make using TheHive webhooks easier.

recon-ng modules for Censys

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

PowerShell module for Office 365 and Azure log collection

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Automate the creation of a lab environment complete with security tooling and logging best practices

SQLite queries

DFIRTrack - The Incident Response Tracking Application

Parses Windows event logs files based on SANS Poster

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Query and report user logons relations from MS Windows Security Events

Awesome collection of great and useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles

Misc Threat Hunting Resources

the fastest way to consume threat intelligence.

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

Provides various Windows Server Active Directory (AD) security-focused reports.

Everything related to Linux Forensics

GitHub Action to upload and scan files with VirusTotal

Open Source EDR for Windows

Warning lists to inform users of MISP about potential false-positives or other information in indicators

A Splunk Technology Add-on to forward filtered ETW events.

An Incident Response tool to extract console command history and screen output buffer

Imago is a python tool that extract digital evidences from images.

Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.