Incident-Playbook
Awesome-SOAR
Incident-Playbook | Awesome-SOAR | |
---|---|---|
10 | 3 | |
1,329 | 732 | |
- | - | |
0.0 | 0.0 | |
over 1 year ago | about 2 months ago | |
Python | ||
MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Incident-Playbook
- Cyber Playbooks
- Goal: Incident Response Playbooks Mapped to Mitre Attack Tactics and Techniques
- austinsonger/Incident-Playbook - Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
- Github Incident Playbooks "Incident Response Process and Playbooks | Goal: Playbooks to be Mapped to MITRE Attack Techniques"
- Github: austinsonger/Incident-Playbooks "Incident Response Process and Playbooks | Goal: Playbooks to be Mapped to MITRE Attack Techniques"
- Incident Response Process and Playbooks Mapped to Mitre Attack Technique
- Incident Response Process and Playbooks
Awesome-SOAR
-
Seeking Automation Inspiration for SOC/Blue Teams
Slightly dated, but Jurgen V compiled a nice collection of best practices to get you started: https://github.com/correlatedsecurity/Awesome-SOAR
-
SOAR Questions
The above strongly ties into Q7 - don't get me wrong, SOAR tools are fun to play with and easy to get excited about - but I have seen so many failed implementations out there, with SOAR only adding another shiny tool-based layer of complexity - as opposed to generating the originally intended opposite effect. Let's take a step back here: some details on your org, infra, tooling, team size and challenges are the place to start. You might have already seen it, but Jurgen V compiled a nice list of basics and vendor reviews at https://github.com/correlatedsecurity/Awesome-SOAR
- Cyber Playbooks
What are some alternatives?
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
content - Demisto is now Cortex XSOAR. Automate and orchestrate your Security Operations with Cortex XSOAR's ever-growing Content Repository. Pull Requests are always welcome and highly appreciated!
ansible-navigator - A text-based user interface (TUI) for Ansible.
playbooks
caldera - Automated Adversary Emulation Platform
EDR-Testing-Script - Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
threathunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Incident-Response-Playbooks
ansible-freeipa - Ansible roles and modules for FreeIPA
playbooks - Phantom Community Playbooks
incident-response-plan-template - A concise, directive, specific, flexible, and free incident response plan template