Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Updated Jun 5, 2024 - Rust
Forensic Artifacts Collecting Toolkit
This repository serves as a place for community created SQLECmd Maps for use with SQLECmd.
IntelOwl: manage your Threat Intelligence at scale
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
A config file that's curated for DFIR examiners with shortcuts to common Windows artifacts and settings enabled that help make your life easier with various file management tasks.
Helm charts for running open source digital forensic tools in Kubernetes
An updated fork of @AbdulRhmanAlfaifi's EventLogMonitor, which hooks into Windows Event Logs and displays new events as they are written to disk.
KQL Queries. Microsoft 365 Defender, Microsoft Sentinel
A collection of resources for Threat Hunters - Sponsored by Falcon Guard
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.