333 Open source projects that are alternatives of or similar to Vast

DFIRTrack - The Incident Response Tracking Application

Parses Windows event logs files based on SANS Poster

Docker configurations for TheHive, Cortex and 3rd party tools

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

All-in-one bundle of MISP, TheHive and Cortex

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Carve file metadata from NTFS index ($I30) attributes

Microsoft Sentinel SOC Operations

Digital Forensics Investigation Platform

A list of cyber-chef recipes and curated links

Cortex: a Powerful Observable Analysis and Active Response Engine

Forensics artefact collection tool for systems running Microsoft Windows

Test Blue Team detections without running any attack.

Python script to decode common encoded PowerShell scripts

A Lambda-powered Security Orchestration framework for AWS GuardDuty

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Cortex Analyzers Repository

Incident Response - Fast suspicious file finder

Recon Hunt Queries

A curated list of tools for incident response

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Imago is a python tool that extract digital evidences from images.

PS / Bash / Python / Other scripts For FUN!

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Invoke-LiveResponse

Documentation of TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

Python API Client for Cortex

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

Live system forensic collector

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Trace ScriptBlock execution for powershell v2

incident response scripts

Python API Client for TheHive

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

SIAC is an enterprise SIEM built on open-source technology.

A knowledge base of actionable Incident Response techniques

Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.

reactive风格的微服务框架

Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

This is a frameworks with reactive, event sourcing and Actor pattern as basic theories. On top of this, developers can create "distributed", "scale out", and "easy to test" application more simply. Claptrap and it`s Minions is on the way.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Loki - Simple IOC and Incident Response Scanner

Build highly concurrent, distributed, and resilient message-driven applications on the JVM

An Open Source Implementation of the Actor Model in C++

Wazuh - Kibana plugin

Detecting ATT&CK techniques & tactics for Linux

SIEM Tactics, Techiques, and Procedures

The Microservices Online Shop is an application with a modern software architecture that is cleanly designed and based on.NET lightweight technologies. The shop has two build variations. The first variant is the classic Microservices Architectural Style. The second one is with Dapr. Dapr has a comprehensive infrastructure for building highly decoupled Microservices; for this reason, I am using Dapr to achieve the noble goal of building a highly scalable application with clean architecture and clean code.

Everything related to Linux Forensics