incident-response

There are 96 repositories under incident-response topic.

• dastergon / awesome-sre

  A curated list of Site Reliability and Production Engineering resources.

  site-reliability-engineeringproductionavailabilitymonitoringpost-mortemreliability-engineeringcapacity-planningservice-level-agreementscalabilityreliabilityalertingon-callsite-reliabilitypostmortemincident-responsesreawesomeawesome-listdevopslist
  11475
• kubeshark

  kubeshark / kubeshark

  The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes

  kubernetesmicroservicesgolangrestgrpcamqpkafkaredisgomicroservicemicroservices-applicationdevopsdevops-toolssnifferobservabilitywiresharkcloud-nativedockerforensicsincident-response
  Language:Go 10532

• wazuh / wazuh

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  securitycompliancelog-analysisvulnerability-detectioncybersecurityfile-integrity-monitoringinfosecmalware-detectioncloud-securitycontainer-securitysecurity-automationsecurity-toolssiemxdrconfiguration-assessementincident-responsepci-dsssecurity-auditsecurity-hardeningwazuh
  Language:C 9118
• howtheysre

  upgundecha / howtheysre

  A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)

  alertingchaos-engineeringdev-opsdevopshacktoberfesthacktoberfest-acceptedhacktoberfest2022incident-managementincident-responseinfrastructuremonitoringobservabilityon-callpost-mortemreliabilitysecuritysite-reliability-engineeringsoftware-engineeringsresre-culture
  Language:JavaScript 8906

• toniblyx / my-arsenal-of-aws-security-tools

  List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

  auditingaws-infrastructureaws-inventoryaws-lambdacloudcloudtraildfiriamincident-responsesecuritysecurity-tools
  Language:Shell 8689

• meirwah / awesome-incident-response

  A curated list of tools for incident response

  awesomeawesome-listcybersecuritydfirincident-responseincident-response-toolinglistsecurity
  7095

• OneUptime / oneuptime

  OneUptime is the complete open-source observability platform.

  devopsincident-managementincident-responsemonitoringobservabilityon-callstatus-page
  Language:TypeScript 4029

• 0x4D31 / awesome-threat-detection

  ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

  awesomeawesome-listdetectionincident-responsesecuritythreat-detectionthreat-hunting
  3314
• TheHive

  TheHive-Project / TheHive

  TheHive: a Scalable, Open Source and Free Security Incident Response Platform

  mispsecurity-incidentsanalyzeriocsthehivedigital-forensicsincident-responserestapiscalainvestigationsdfirfreeopen-sourceplatformcortexagplv3orchestrationincident-managementincident-response-tooling
  Language:Scala 3211
• IntelOwl

  intelowlproject / IntelOwl

  IntelOwl: manage your Threat Intelligence at scale

  security-toolspythonthreat-intelligenceiocincident-responsecyber-threat-intelligenceenrichmenthoneynetosintosint-pythonthreatintelmalware-analysismalware-analyzerintel-owlthreat-huntinghacktoberfestcyber-securitycybersecuritythreathuntingdfir
  Language:Python 3102
• velociraptor

  Velocidex / velociraptor

  Digging Deeper....

  digital-forensicsendpoint-discoveryendpoint-protectionendpoint-securityforensics-investigationsincident-responseinventory-management
  Language:Go 2639

• sleuthkit / sleuthkit

  The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

  forensicsincident-responsentfssleuthkittct
  Language:C 2469
• BlueTeam-Tools

  A-poc / BlueTeam-Tools

  Tools and Techniques for Blue Team / Incident Response

  blue-teamblueteamcheatsheetincident-responsemalware-analysistoolsvulnerability-managementwikiincidentresourcescyber-securitydefender
  2333

• volatilityfoundation / volatility3

  Volatility 3.0 development

  digital-investigationforensicsincident-responsemalwarememorypythonramvolatilityvolatility-framework
  Language:Python 2198

• mattnotmax / cyberchef-recipes

  A list of cyber-chef recipes and curated links

  cyberchefcyberchef-recipesdata-manipulationdfirincident-responsemalwareregular-expression
  1928

• Yamato-Security / hayabusa

  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  attackcybersecuritydetectiondfireventforensicshayabusahuntingincidentincident-responselogsresponserustsecuritysecurity-automationsigmathreatthreat-huntingwindowsyamato
  Language:Rust 1919
• PersistenceSniper

  last-byte / PersistenceSniper

  Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte

  incident-responsemalware-detectionpersistencepowershellpowershell-modulepowershell-scriptregistrytechniqueswindows
  Language:PowerShell 1799

• monzo / response

  Monzo's real-time incident response and reporting tool ⚡️

  incidentresponseincident-responseincident-managementincident-reportsslack-bot
  Language:JavaScript 1505

• Bashfuscator / Bashfuscator

  A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

  bashlinuxlinux-shellobfuscationred-teamblue-teamevasionincident-responseinfosec
  Language:Python 1501

• danieldurnea / FBI-tools

  🕵️ OSINT Tools for gathering information and actions forensics 🕵️

  forensicsosintcybersecurityhackingsecurity-automationsecurity-toolsinfosecawesome-listincident-responsepenetration-testingreconnaissancesecurityawesomepentestingbug-bounty
  1487
• Incident-Playbook

  austinsonger / Incident-Playbook

  GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

  catalogcontributions-welcomecontributors-welcomecybersecuritycybersecurity-playbookincident-managementincident-responseincidentsmitremitre-attackplaybook
  1351
• beagle

  yampelo / beagle

  Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

  securitydigital-forensicsincident-responsegraphdfirforensic-analysisthreat-hunting
  Language:Python 1259
• Cortex

  TheHive-Project / Cortex

  Cortex: a Powerful Observable Analysis and Active Response Engine

  responsedfiranalysisanalyzerthehiveenginescalapythonrestapisecurity-incidentsdigital-forensicsiocsobservablefreefree-softwareopen-sourceincident-responsecyber-threat-intelligencecortex
  Language:Scala 1240

• dastergon / postmortem-templates

  A collection of postmortem templates

  site-reliability-engineeringsite-reliabilitydevopspostmortemincident-reportspost-mortempostmortem-templatesincident-reportingincident-responsesre
  1223
• asn

  nitefood / asn

  ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server

  asnasn-lookupautonomous-systemsip-lookupteam-cymruas-pathmtrtracerouteosintincident-responseip-reputationrpkibashbgpgeolocationfingerprintingapishodanwhoisrecon
  Language:Shell 1173

• ahmedkhlief / APT-Hunter

  APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

  threat-huntingpurpleteampython3windows-eventlogapt-attacksincident-responseforensic-analysiswindows-event-logs
  Language:Python 1141
• ThePhish

  emalderson / ThePhish

  ThePhish: an automated phishing email analysis tool

  emaildetectionmalwarephishingcybersecuritymispthehivethehive4thehive4pyindicators-of-compromisecyberdefensephishing-detectionpythonincident-responsefreedigital-forensicsthreat-intelligencewebappattackscript
  Language:Python 1037

• cyb3rxp / awesome-soc

  A collection of sources of documentation, as well as field best practices, to build/run a SOC

  certcsirtdetectionsocsiemsirpsoasoartiparchitectureincident-responsemanagementmitre-attackpurpleteamrisk-managementttp
  1012

• PagerDuty / incident-response-docs

  PagerDuty's Incident Response Documentation.

  documentationincident-responseoncallpagerdutyteam-security
  Language:Dockerfile 1005

• mdecrevoisier / Microsoft-eventlog-mindmap

  Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...

  mindmapevtxwindowsincident-responseazureexchangeactive-directory
  987

• dfir-iris / iris-web

  Collaborative Incident Response platform

  forensicincident-responsecsirt-toolingpythondigital-forensicsdigital-forensics-incident-responseforensic-analysisforensic-tools
  Language:JavaScript 932

• certtools / intelmq

  IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

  cybersecuritythreatiocmalwarephishingcertcsirtintelligenceincident-responsealertsfeedsincidenthandlingautomationihappython
  Language:Python 931
• Open-Source-Security-Guide

  mikeroyal / Open-Source-Security-Guide

  Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  vulnerabilitiesvulnerability-detectionprivacy-protectionpentestersnetwork-analysisintrusion-detectioninfosecincident-managementmitre-attackdetection-engineeringkali-linuxoffensive-securityinformation-securitysiemcompliancecyber-securityscanning-toolincident-responseforensics-toolssurveillance
  Language:Go 846

• certsocietegenerale / fame

  FAME Automates Malware Evaluation

  malwaremalware-analysismalware-researchframeworkinfosecincident-response
  Language:Python 832

• palantir / osquery-configuration

  A repository for using osquery for incident detection and response

  osqueryincident-responsedetectioninformation-securityocto-correct-managed
  803
• Watcher

  thalesgroup-cert / Watcher

  Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

  cybersecuritythreat-huntingdjangoreactjsrss-bridgemispthehivesecurityincident-responsethreat-detectionthreat-intelligencenltkwatchercertificate-transparencycertstreamosintosint-pythonwebappmonitoringphishing
  Language:Python 794