"topic:dfir-automation" — Search

92 results for “topic:dfir-automation”

Automate the creation of a lab environment complete with security tooling and logging best practices

ansibledetectiondetectionlabdfirdfir-automationinformation-securitylab-environmentosquerypackerpowershellsysmonterraformvagrantvagrantfile

wagga40/Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Python788112Updated 2 days ago

auditddetectiondfirdfir-automationdfir-toolsevtxevtxtractforensicsforensics-toolslogspysigmapython3sigmasigma-rulessysmon

securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

PowerShell75768Updated 1 week ago

automationcybercyber-securitydfirdfir-automationdigital-forensicincident-responseinfosecirmdrpowershellreportingsecuritysoctools

iknowjason/PurpleCloud

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Python630105Updated 2 days ago

azureazure-labdfirdfir-automationpentestpurpleteamsiem

Correia-jpv/fucking-awesome-incident-response

A curated list of tools for incident response. With repository stars⭐ and forks🍴

25736Updated 1 day ago

awesomeawesome-listdfirdfir-automationdigital-forensicsdigitalforensicsincidentincident-managementincident-reportsincident-responseincident-response-toolingincidentslistsecurity

cado-security/varcArchived

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

Python25414Updated 6 days ago

awsaws-fargateaws-forensicsaws-lambdacloud-securitydfirdfir-automationdocker-forensicseks-forensicsfargate-forensicsforensicshacktoberfestmemory-forensicssecurity

jurelou/epagneul

Graph Visualization for windows event logs

Python24234Updated 1 month ago

blueteamdfir-automationevtxforensicsforensics-toolshuntingsecuritysecurity-toolsthreat-hunting

iknowjason/BlueCloud

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

HTML14531Updated 2 months ago

blue-teamcyber-rangecyberrangedfirdfir-automationedr-testingpentestingpurpleteam

cado-security/rip_rawArchived

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

Python13416Updated 1 month ago

dfirdfir-automationforensic-analysisforensicsmemory-forensicssecurity

hashlookup/hashlookup-forensic-analyser

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

Python12813Updated 2 months ago

bloom-filterdfirdfir-automationforensic-analysisforensics-investigationshashlookupnsrlnsrllookup

adulau/hashlookup-server

Fast lookup server for NSRL and other hash database used in digital forensic

Python497Updated 4 days ago

dfirdfir-automationhashlookupinformation-securityinfosecnsrlnsrllookup

ugurrates/Blue-Team-Assistant

LLM supported Toolkit for Blue Team/ SOC Operations

Python4813Updated 1 day ago

blueteam-toolsdfir-automationsoc-automationthreat-huntingthreat-intelligence

op7ic/unix_collector

unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Shell417Updated 1 month ago

blueteamcomputer-forensicsdfirdfir-automationesxiforensicsforensics-toolsfreebsdincident-responselinuxlive-responseopenbsdposixscriptsecuritysolaristriageunix

Digital-Defense-Institute/openrelik-pipeline

Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing

Python407Updated 3 weeks ago

dfirdfir-automationhayabusaincident-responseinfoseclog2timelineopenrelikplasosecopssecuritysecurity-automationtimesketchvelociraptor

ionsec/maes-platform

MAES: M365 Analyzer & Extractor Suite Po

JavaScript338Updated 2 months ago

365-microsoft-officedfir-automationsecurity-assessment

QXJ6YW4/SimpleImager

Simple Imager has been created for performing live acquisition of Windows based systems in a forensically sound manner

Batchfile304Updated 1 week ago

blueteamdfirdfir-automationdigital-forensicsdigital-forensics-incident-responseforensic-imagerforensicsforensics-101forensics-toolsir-diagmemory-dumpmemory-dumper

atola-technology/iscsi-targets

Automatically create iSCSI targets for all drives except for a boot device

Python250Updated 3 months ago

dfirdfir-automationdfir-toolsforensic-imagerforensic-softwareforensic-toolsiscsiiscsi-target

iknowjason/Velociraptor_AzureArchived

A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.

HCL224Updated 3 months ago

dfirdfir-automationpurpleteam

brootware/flarevm-up

Easy automated vagrant provisioning of Windows 10 with flarevm tools installed for Digital Forensics and Malware Analysis Lab.

HCL206Updated 5 months ago

blueteamingctfctf-toolsdfir-automationdigital-forensicsforensics-toolsmalware-analysisreverse-engineeringvagrantvirtualboxwindows-10

idiom/activemime-format

ActiveMime File Format Documentation

Python192Updated 3 weeks ago

dfirdfir-automationmalware-analysis

jupyterj0nes/sabonis

Sabonis, a Digital Forensics and Incident Response pivoting tool

Python190Updated 1 week ago

blue-teamdfirdfir-automationdigital-forensicsincident-response

RealityNet/McAFuse

Toolset to analyze disks encrypted with McAFee FDE technology

Python190Updated 8 months ago

dfirdfir-automationfdefuse-filesystemincident-responsemaster-thesismcafeereverse-engineering

CERT-SYNETIS/PyTriage

Outil de triage automatisé de différents types de collectes d'artefacts.

JavaScript170Updated 2 months ago

dfirdfir-automationdfir-toolspython3

CERT-EDF/generaptor

CLI generator for Velociraptor offline collector

Python164Updated 5 days ago

cli-appdfirdfir-automationvelociraptor

w8mej/InfoSec-Blueprints

Essential playbooks & runbooks for cybersecurity operations. A dynamic resource for security pros to navigate digital threats, with best practices, incident management protocols, and community-driven updates. Elevate your security strategy and response with our AI-driven guides.

Jupyter Notebook154Updated 1 month ago

adversarial-ml-in-securityautomated-incident-triageautomated-remediationautomated-response-orchestrationbehavioral-analysis-with-mlblueteamcontinuous-security-monitoringdarpadfirdfir-automationincident-resp-playbooksincidentresponsellm-based-threat-detectionml-agents-for-securityml-for-anomaly-detectionnlp-for-threat-intelligencerunbook-automation-scriptssecurity

swiftbird07/IRIS-SOAR

🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS through playbook automation and seamless integrations. Easily extensible and in active development. Join us in building a tool geared towards enhancing security efficiency!

Python154Updated 4 days ago

dfirdfir-automationdfir-irisiris-web-frameworkpythonsoar

maxspl/OSIR

Orchestration Software for Incident Response

Python142Updated 22 hours ago

dfirdfir-automationdfir-orcforensicsincident-responsekapelinuxorchestrationtriagewindows

BenjiTrapp/boxed-kali

Kali in a Box - Containerized and fully operational within your Browser

Shell132Updated 2 months ago

dfir-automationdockerkali-linuxnovncpenetration-testing

dwmetz/Cyberpipe-Timeliner

Automated pipeline for generating forensic timelines from Magnet Response collections.

PowerShell130Updated 4 days ago

dfirdfir-automation

CIRCL/factual-rules

Factual rules are YARA rules to find legitimate software on raw disk acquisition.

YARA131Updated 1 month ago

dfirdfir-automationyara-forensicsyara-rulesyara-signatures

Page 1 of 4