There are 104 repositories under the incident-response topic.
A curated list of Site Reliability and Production Engineering resources.
The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
A curated list of tools for incident response
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
IntelOwl: manage your Threat Intelligence at scale
Digging Deeper...
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Tools and Techniques for Blue Team / Incident Response
Volatility 3.0 development
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
A list of cyber-chef recipes and curated links
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
🕵️ OSINT Tools for gathering information and actions forensics 🕵️
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
Cortex: a Powerful Observable Analysis and Active Response Engine
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
A collection of postmortem templates
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time needed to uncover suspicious activity.
ThePhish: an automated phishing email analysis tool
A collection of sources of documentation, as well as field best practices, to build/run a SOC
PagerDuty's Incident Response Documentation.
Set of mindmaps providing a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure, ...
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
FAME Automates Malware Evaluation
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
A repository for using osquery for incident detection and response