The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs. The Sleuth Kit uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The TCT code was modified for platform independence. In addition, support was added for the NTFS (see docs/ntfs.README) and FAT (see docs/fat.README) file systems. Previously, The Sleuth Kit was called The @stake Sleuth Kit (TASK). The Sleuth Kit is now independent of any commercial or academic organizations.
sleuthkit tct ntfs forensics incident-response

A curated list of awesome Site Reliability and Production Engineering resources.

site-reliability-engineering production availability monitoring post-mortem reliability-engineering capacity-planning service-level-agreement scalability reliability alerting on-call site-reliability postmortem incident-response sre awesome awesome-list devops observability

TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundreds of observables. Collaboration is at the heart of TheHive. Multiple analysts can work on the same case simultaneously. For example, one analyst may deal with malware analysis while another tracks C2 beaconing activity in proxy logs as soon as IOCs have been added by their coworker. Using TheHive's live stream, everyone can keep an eye on what's happening on the platform, in real time.

misp security-incidents analyzer iocs thehive digital-forensics incident-response rest api investigations analyst dfir free free-software open-source platform misp-events cortex agplv3

This is a public version of the Incident Response process used at PagerDuty. It is also used to prepare new employees for on-call responsibilities, and provides information not only on preparing for an incident, but also on what to do during and after one. See the about page for more information on what this documentation is and why it exists. You can view the documentation directly in this repository, or rendered as a website at https://response.pagerduty.com.

pagerduty incident-response documentation oncall

Wazuh helps you gain deeper security visibility into your infrastructure by monitoring hosts at the operating system and application level. This solution, based on lightweight multi-platform agents, provides capabilities such as log management and analysis, file integrity monitoring, intrusion and anomaly detection, and policy and compliance monitoring.

ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening ids pci-dss file-integrity-management log-analysis vulnerability-detection incident-response threat-detection

Dealing with incidents can be stressful. On top of dealing with the issue at hand, responders are often responsible for handling comms, both internal and external, reporting, and coordinating the efforts of other engineers. To reduce the pressure and cognitive burden on its engineers, Monzo built Response to help coordinate and report incidents. Limit context switching: context switching during an incident is often unavoidable. Response aims to limit this by enabling actions to be carried out without leaving the conversation.

incident response incident-response incident-management incident-reports slack-bot

FAME is a recursive acronym meaning "FAME Automates Malware Evaluation". It is meant to facilitate analysis of malicious files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis.

malware malware-analysis malware-research framework infosec incident-response

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments, ...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community-driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs. See INSTALL.

cybersecurity threat ioc malware phishing cert csirt intelligence incident-response alerts feeds incident handling automation ihap

OPCDE DXB 2017 + 2018 Materials

cybersecurity incident-response vulnerability information-security

This repository is a curated list of pro bono incident response entities. This list should only contain entities that offer help to the public, so that people who are searching for support can choose one of the entities below to get it. Access Now's Digital Security Helpline works with individuals and organizations around the world to keep them safe online. If you're at risk, we can help you improve your digital security practices to keep out of harm's way. If you're already under attack, we provide rapid-response emergency assistance.

incident-response defender incident awesome awesome-list

These playbooks install and configure the Wazuh agent, manager and Elastic Stack. The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with the Wazuh ecosystem.

wazuh ansible ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

Wazuh API is an open source RESTful API to interact with Wazuh from your own application, from a simple web browser, or with tools like cURL. Our goal is to completely manage Wazuh remotely. Everyday actions such as adding an agent, checking the configuration, or looking up syscheck files are now simpler using the Wazuh API.

wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

In addition, a docker-compose file is provided to launch the containers mentioned above. It also launches an Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. Containers are currently tested on Wazuh version 3.3.0 and Elastic Stack version 6.2.4. We will do our best to keep this repository updated to the latest versions of both Wazuh and Elastic Stack.

wazuh docker ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening log-analysis ids pci-dss file-integrity-management security-awareness vulnerability-detection incident-response

Here you will find instructions to install and deploy Wazuh HIDS. If you want to contribute to this documentation (built using Sphinx) or to our projects, please head over to our GitHub repositories and submit pull requests.

wazuh documentation reference ossec openscap elasticsearch monitoring security security-hardening pci-dss file-integrity-management compliance security-awareness log-analysis fim loganalyzer intrusion-detection vulnerability-detection incident-response

Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app plugin. If you want to contribute to our project, please don't hesitate to send a pull request. You can also join our users mailing list, by sending an email to mailto:wazuh+subscribe@googlegroups.com, to ask questions and participate in discussions.

wazuh kibana ossec elasticsearch security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

Wazuh is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

This module installs and configures the Wazuh agent and manager. This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gazeley and Michael Porter. Wazuh has forked it with the purpose of maintaining it. Thank you to the authors for the contribution.

wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response puppet

The Wazuh ruleset is used to detect attacks, intrusions, software misuse, configuration problems, application errors, malware, rootkits, system anomalies or security policy violations. The ruleset includes compliance mapping with PCI DSS v3.1 and CIS.

wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

Maltego CaseFile entities for information security investigations, malware analysis and incident response.

maltego malware-analysis malware-research incident-response security

This repository is the companion to the osquery Across the Enterprise blog post. The goal of this project is to provide a baseline template for any organization considering a deployment of osquery in a production environment. It is our belief that queries which are likely to have a high level of utility for a large percentage of users should be committed directly to the osquery project, which is exactly what we have done with our unwanted-chrome-extensions query pack and additions to the windows-attacks pack.
osquery incident-response detection information-security