247 Open source projects that are alternatives of or similar to PowerGRR

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

Microsoft Sentinel SOC Operations

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

incident response scripts

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

All-in-one bundle of MISP, TheHive and Cortex

Explore Indicators of Compromise Automatically

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Incident Response - Fast suspicious file finder

Recon Hunt Queries

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

#ThreatHunting #DFIR #Malware #Detection Mind Maps

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

Powershell Module that creates a SSL/TLS Certificate with Let's Encrypt Service and apply to an Azure Application Gateway.

This is the public version of Sorlov.PowerShell Self-Hosted Executable Extensions for Powershell

Live system forensic collector

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

Bridge to enable bash completions to be run from within PowerShell.

PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.

Following PowerShell Module provides different approach to scheduling password notifications for expiring Active Directory based accounts. While most of the scripts require knowledge on HTML... this one is just one config file and a bit of tingling around with texts. Whether this is good or bad it's up to you to decide. I do plan to add an optio…

Collaborative Incident Response platform

PowerVCF: A PowerShell Module for VMware Cloud Foundation

Capture passwords of login attempts on non-existent and disabled accounts.

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

the fastest way to consume threat intelligence.

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

Basic functionality of this module is ability to quickly verify if given IP address is on any of over 80 defined DNSBL lists. Below code will return results only if IP is on any of the lists. Advanced functionality of this module is ability to send reports to your email when things get bad on one of those 80 defined DNSBL listrs.

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

PowerShell module to manage Fortinet (FortiGate) Firewall

A suite of rules to validate Azure resources against the Cloud Adoption Framework (CAF) using PSRule.

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.

Powershell module to install and manage the OutSystems platform

ThePhish: an automated phishing email analysis tool

Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.

Cortex Analyzers Repository

Carve file metadata from NTFS index ($I30) attributes

Malware Sample Sources

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation and geolocation lookup tool / Traceroute server

DFIRTrack - The Incident Response Tracking Application

Consolidation of various resources related to Microsoft Sysmon & sample data/log

🔮 Visibility Across Space and Time

A knowledge base of actionable Incident Response techniques

This script allows to spawn a new interactive console as another user account in the same calling console (console instance/window).

Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations

Wazuh - Kibana plugin

Wazuh - Docker containers

Prototype to collect data and analyse it from a compromised macOS device.

Sandia Cyber Omni Tracker (SCOT)