The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs. The Sleuth Kit uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The TCT code was modified for platform independence. In addition, support was added for the NTFS (see docs/ntfs.README) and FAT (see docs/fat.README) file systems. Previously, The Sleuth Kit was called The @stake Sleuth Kit (TASK). The Sleuth Kit is now independent of any commercial or academic organizations.
Tags: sleuthkit tct ntfs forensics incident-response

A curated list of awesome Site Reliability and Production Engineering resources.
Tags: site-reliability-engineering production availability monitoring post-mortem reliability-engineering capacity-planning service-level-agreement scalability reliability alerting on-call site-reliability postmortem incident-response sre awesome awesome-list devops observability

TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundreds of observables. Collaboration is at the heart of TheHive. Multiple analysts can work on the same case simultaneously. For example, one analyst may deal with malware analysis while another tracks C2 beaconing activity in proxy logs as soon as IOCs have been added by their coworker. Using TheHive's live stream, everyone can keep an eye on what's happening on the platform, in real time.
Tags: misp security-incidents analyzer iocs thehive digital-forensics incident-response rest api investigations analyst dfir free free-software open-source platform misp-events cortex agplv3

This is a public version of the Incident Response process used at PagerDuty. It is also used to prepare new employees for on-call responsibilities, and provides information not only on preparing for an incident, but also on what to do during and after one. See the about page for more information on what this documentation is and why it exists. You can view the documentation directly in this repository, or rendered as a website at https://response.pagerduty.com.
Tags: pagerduty incident-response documentation oncall

Wazuh helps you gain deeper security visibility into your infrastructure by monitoring hosts at the operating system and application level. This solution, based on lightweight multi-platform agents, provides capabilities such as log management and analysis, file integrity monitoring, intrusion and anomaly detection, and policy and compliance monitoring.
Tags: ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening ids pci-dss file-integrity-management log-analysis vulnerability-detection incident-response threat-detection

FAME is a recursive acronym meaning "FAME Automates Malware Evaluation". It is meant to facilitate analysis of malicious files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis.
Tags: malware malware-analysis malware-research framework infosec incident-response

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments, ...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs. See INSTALL.
Tags: cybersecurity threat ioc malware phishing cert csirt intelligence incident-response alerts feeds incident handling automation ihap

Dealing with incidents can be stressful. On top of dealing with the issue at hand, responders are often responsible for handling comms, coordinating the efforts of other engineers, and reporting what happened after the fact. Monzo built Response to help reduce the pressure and cognitive burden on engineers during an incident, and to make it easy to create information-rich reports for others to learn from.
Tags: incident response incident-response incident-management incident-reports slack-bot

OPCDE DXB 2017 + 2018 Materials
Tags: cybersecurity incident-response vulnerability information-security

To try PatrOwl, install it by reading the Installation Guide and the User Guide. Fully developed in Python, PatrOwl is composed of a front-end application, PatrowlManager (Django), communicating with one or multiple PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery. The PatrowlManager application is reachable using the embedded web interface or using the JSON API. PatrowlEngines are only available through generic JSON API calls (see Documentation).
Tags: api ioc automation incident-response orchestration secops scans threat-hunting vulnerabilities thehive vulnerability-detection vulnerability-management vulnerability-scanners security-scanner security-automation security-tools threat-intelligence patrowl

APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset, to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity. This tool will make good use of the Windows event logs collected and make sure not to miss critical events configured to be detected. If you are a threat hunter, incident responder or forensic investigator, I assure you will enjoy using this tool. Why? I will discuss the reasons in this article and how it will make your life easy, just as it made mine. Kindly note this tool is heavily tested but is still a beta version and may contain bugs. The first thing to do is to collect the logs if you didn't already; with the PowerShell log collectors it is easy to collect the needed logs automatically, you just run the PowerShell scripts as administrator.
Tags: incident-response python3 threat-hunting windows-eventlog forensic-analysis purpleteam windows-event-logs apt-attacks

Kuiper is a digital investigation platform that provides capabilities for investigation teams and individuals to parse, search and visualize collected evidence (evidence can be collected by a fast triage script like Hoarder). In addition, it lets you collaborate with other team members on the same platform by tagging artifacts and presenting them as a timeline, as well as setting rules for automating detection. The main purpose of this project is to aid in streamlining digital investigation activities and to allow advanced analytics capabilities with the ability to handle large amounts of data. With a large number of cases and a large number of team members, collaboration between team members becomes hard, as does correlating events and building rules to detect malicious activities. Kuiper addresses these shortcomings.
Tags: security parser incident-response dfir artifacts digital-forensics

The network telemetry engine for data-driven security investigations. High-throughput ingestion: import numerous log formats at over 100k events/second, including Zeek, Suricata, JSON, and CSV.
Tags: security network-forensics incident-response actor-model bitmap-index siem soc threathunting

DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open source web application mainly based on Django using a PostgreSQL database back end.
Tags: incident-response dfir digital-forensics incident-management incident-response-tooling

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders. Aurora brings the "Spreadsheet of Doom" used in the SANS FOR508 class to the next level. Having led many cases and taught so many students how to do IR right, I realized that many struggle with keeping control over all the findings. That does not only prevent them from seeing what they already have, but even less so what they are missing.
Tags: incident-response incident-management incident-response-tooling documentation-tool

This repository is a curated list of pro bono incident response entities. This list should only contain entities that offer help to the public, so that people who are searching for support can choose one of the below to get support. Access Now's Digital Security Helpline works with individuals and organizations around the world to keep them safe online. If you're at risk, we can help you improve your digital security practices to keep out of harm's way. If you're already under attack, we provide rapid-response emergency assistance.
Tags: incident-response defender incident awesome awesome-list

These playbooks install and configure the Wazuh agent, the Wazuh manager and the Elastic Stack. The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with the Wazuh ecosystem.
Tags: wazuh ansible ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

Wazuh API is an open source RESTful API to interact with Wazuh from your own application, from a simple web browser, or with tools like cURL. Our goal is to completely manage Wazuh remotely. Everyday actions like adding an agent, checking configuration, or looking for syscheck files are now simpler using the Wazuh API.
Tags: wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

In addition, a docker-compose file is provided to launch the containers mentioned above. It also launches an Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. Containers are currently tested on Wazuh version 3.3.0 and Elastic Stack version 6.2.4. We will do our best to keep this repository updated to the latest versions of both Wazuh and Elastic Stack.
Tags: wazuh docker ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening log-analysis ids pci-dss file-integrity-management security-awareness vulnerability-detection incident-response

Here you will find instructions to install and deploy Wazuh HIDS. If you want to contribute to this documentation (built using Sphinx) or to our projects, please head over to our GitHub repositories and submit pull requests.
Tags: wazuh documentation reference ossec openscap elasticsearch monitoring security security-hardening pci-dss file-integrity-management compliance security-awareness log-analysis fim loganalyzer intrusion-detection vulnerability-detection incident-response