incident-response

There are 104 repositories under incident-response topic.

• dastergon / awesome-sre

  A curated list of Site Reliability and Production Engineering resources.

  alertingavailabilityawesomeawesome-listcapacity-planningdevopsincident-responselistmonitoringon-callpost-mortempostmortemproductionreliabilityreliability-engineeringscalabilityservice-level-agreementsite-reliabilitysite-reliability-engineeringsre
  11685
• kubeshark

  kubeshark / kubeshark

  The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes

  kubernetesmicroservicesgolangrestgrpcamqpkafkaredisgomicroservicemicroservices-applicationdevopsdevops-toolssnifferobservabilitywiresharkcloud-nativedockerforensicsincident-response
  Language:Go 10704

• wazuh / wazuh

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  cloud-securitycomplianceconfiguration-assessementcontainer-securitycybersecurityfile-integrity-monitoringincident-responseinfoseclog-analysismalware-detectionpci-dsssecuritysecurity-auditsecurity-automationsecurity-hardeningsecurity-toolssiemvulnerability-detectionwazuhxdr
  Language:C 9618
• howtheysre

  upgundecha / howtheysre

  A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)

  alertingchaos-engineeringdev-opsdevopshacktoberfesthacktoberfest-acceptedhacktoberfest2022incident-managementincident-responseinfrastructuremonitoringobservabilityon-callpost-mortemreliabilitysecuritysite-reliability-engineeringsoftware-engineeringsresre-culture
  Language:JavaScript 8994

• toniblyx / my-arsenal-of-aws-security-tools

  List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

  cloudauditingincident-responseaws-inventoryiamdfircloudtrailaws-infrastructureaws-lambdasecuritysecurity-tools
  Language:Shell 8803

• meirwah / awesome-incident-response

  A curated list of tools for incident response

  awesomeawesome-listcybersecuritydfirincident-responseincident-response-toolinglistsecurity
  7326

• OneUptime / oneuptime

  OneUptime is the complete open-source observability platform.

  devopsincident-managementincident-responsemonitoringobservabilityon-callstatus-page
  Language:TypeScript 4535

• 0x4D31 / awesome-threat-detection

  ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

  awesomeawesome-listdetectionincident-responsesecuritythreat-detectionthreat-hunting
  3456
• TheHive

  TheHive-Project / TheHive

  TheHive: a Scalable, Open Source and Free Security Incident Response Platform

  mispsecurity-incidentsanalyzeriocsthehivedigital-forensicsincident-responserestapiscalainvestigationsdfirfreeopen-sourceplatformcortexagplv3orchestrationincident-managementincident-response-tooling
  Language:Scala 3279
• IntelOwl

  intelowlproject / IntelOwl

  IntelOwl: manage your Threat Intelligence at scale

  security-toolspythonthreat-intelligenceiocincident-responsecyber-threat-intelligenceenrichmenthoneynetosintosint-pythonthreatintelmalware-analysismalware-analyzerintel-owlthreat-huntinghacktoberfestcyber-securitycybersecuritythreathuntingdfir
  Language:Python 3186
• velociraptor

  Velocidex / velociraptor

  Digging Deeper....

  digital-forensicsendpoint-discoveryendpoint-protectionendpoint-securityforensics-investigationsincident-responseinventory-management
  Language:Go 2767

• sleuthkit / sleuthkit

  The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

  sleuthkittctntfsforensicsincident-response
  Language:C 2517
• BlueTeam-Tools

  A-poc / BlueTeam-Tools

  Tools and Techniques for Blue Team / Incident Response

  blue-teamblueteamcheatsheetincident-responsemalware-analysistoolsvulnerability-managementwikiincidentresourcescyber-securitydefender
  2510

• volatilityfoundation / volatility3

  Volatility 3.0 development

  digital-investigationforensicsincident-responsemalwarememorypythonramvolatilityvolatility-framework
  Language:Python 2357

• Yamato-Security / hayabusa

  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  dfirthreathuntingwindowseventlogsrustsigmadetectionattackforensicsincidentresponsehayabusayamatosecuritycybersecurityincident-responsesecurity-automationthreat-hunting
  Language:Rust 2064

• mattnotmax / cyberchef-recipes

  A list of cyber-chef recipes and curated links

  cyberchefmalwaredfirincident-responsedata-manipulationcyberchef-recipesregular-expression
  1951
• PersistenceSniper

  last-byte / PersistenceSniper

  Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte

  incident-responsemalware-detectionpersistencepowershellpowershell-modulepowershell-scriptregistrytechniqueswindows
  Language:PowerShell 1831

• danieldurnea / FBI-tools

  🕵️ OSINT Tools for gathering information and actions forensics 🕵️

  forensicsosintcybersecurityhackingsecurity-automationsecurity-toolsinfosecawesome-listincident-responsepenetration-testingreconnaissancesecurityawesomepentestingbug-bounty
  1565

• Bashfuscator / Bashfuscator

  A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

  bashlinuxlinux-shellobfuscationred-teamblue-teamevasionincident-responseinfosec
  Language:Python 1542

• monzo / response

  Monzo's real-time incident response and reporting tool ⚡️

  incidentincident-managementincident-reportsincident-responseresponseslack-bot
  Language:JavaScript 1511
• Incident-Playbook

  austinsonger / Incident-Playbook

  GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

  catalogcontributions-welcomecontributors-welcomecybersecuritycybersecurity-playbookincident-managementincident-responseincidentsmitremitre-attackplaybook
  1373
• Cortex

  TheHive-Project / Cortex

  Cortex: a Powerful Observable Analysis and Active Response Engine

  responsedfiranalysisanalyzerthehiveenginescalapythonrestapisecurity-incidentsdigital-forensicsiocsobservablefreefree-softwareopen-sourceincident-responsecyber-threat-intelligencecortex
  Language:Scala 1277
• beagle

  yampelo / beagle

  Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

  dfirdigital-forensicsforensic-analysisgraphincident-responsesecuritythreat-hunting
  Language:Python 1262

• dastergon / postmortem-templates

  A collection of postmortem templates

  site-reliability-engineeringsite-reliabilitydevopspostmortemincident-reportspost-mortempostmortem-templatesincident-reportingincident-responsesre
  1255
• asn

  nitefood / asn

  ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server

  apias-pathasnasn-lookupautonomous-systemsbashbgpfingerprintinggeolocationincident-responseip-lookupip-reputationmtrosintreconrpkishodanteam-cymrutraceroutewhois
  Language:Shell 1224

• ahmedkhlief / APT-Hunter

  APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

  apt-attacksforensic-analysisincident-responsepurpleteampython3threat-huntingwindows-event-logswindows-eventlog
  Language:Python 1191
• ThePhish

  emalderson / ThePhish

  ThePhish: an automated phishing email analysis tool

  emaildetectionmalwarephishingcybersecuritymispthehivethehive4thehive4pyindicators-of-compromisecyberdefensephishing-detectionpythonincident-responsefreedigital-forensicsthreat-intelligencewebappattackscript
  Language:Python 1077

• cyb3rxp / awesome-soc

  A collection of sources of documentation, as well as field best practices, to build/run a SOC

  architecturecertcsirtdetectionincident-responsemanagementmitre-attackpurpleteamrisk-managementsiemsirpsoasoarsoctipttp
  1071

• PagerDuty / incident-response-docs

  PagerDuty's Incident Response Documentation.

  documentationincident-responseoncallpagerdutyteam-security
  Language:Dockerfile 1012

• mdecrevoisier / Microsoft-eventlog-mindmap

  Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...

  mindmapevtxwindowsincident-responseazureexchangeactive-directory
  988

• dfir-iris / iris-web

  Collaborative Incident Response platform

  forensicincident-responsecsirt-toolingpythondigital-forensicsdigital-forensics-incident-responseforensic-analysisforensic-tools
  Language:JavaScript 970

• certtools / intelmq

  IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

  cybersecuritythreatiocmalwarephishingcertcsirtintelligenceincident-responsealertsfeedsincidenthandlingautomationihappython
  Language:Python 948
• Open-Source-Security-Guide

  mikeroyal / Open-Source-Security-Guide

  Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  compliancecyber-securitydetection-engineeringforensics-toolsincident-managementincident-responseinformation-securityinfosecintrusion-detectionkali-linuxmitre-attacknetwork-analysisoffensive-securitypentestersprivacy-protectionscanning-toolsiemsurveillancevulnerabilitiesvulnerability-detection
  Language:Go 876

• certsocietegenerale / fame

  FAME Automates Malware Evaluation

  frameworkincident-responseinfosecmalwaremalware-analysismalware-research
  Language:Python 840
• Watcher

  thalesgroup-cert / Watcher

  Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

  cybersecuritythreat-huntingdjangoreactjsrss-bridgemispthehivesecurityincident-responsethreat-detectionthreat-intelligencenltkwatchercertificate-transparencycertstreamosintosint-pythonwebappmonitoringphishing
  Language:Python 816

• palantir / osquery-configuration

  A repository for using osquery for incident detection and response

  detectionincident-responseinformation-securityocto-correct-managedosquery
  811