RedEye
velociraptor
Our great sponsors
RedEye | velociraptor | |
---|---|---|
7 | 5 | |
2,531 | 2,654 | |
- | 4.4% | |
10.0 | 9.6 | |
6 months ago | 4 days ago | |
TypeScript | Go | |
BSD 3-clause "New" or "Revised" License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
RedEye
-
Can someone please help me install CISA's RedEye tool?
I want to assume that you downloaded the Linux version from this link: https://github.com/cisagov/RedEye/releases/download/v0.8.3/linux.zip
- Cisagov/RedEye: Red Team C2 Log Visualization
- New blue team
- Red Team C2 Log Visualization
- USG CISA - RedEye is a visual analytic tool supporting Red & Blue Team operations
- RedEye - a visual analytic tool supporting Red & Blue Team operations
velociraptor
- How to carry out mass Digital Forensic Collections using open source tools?
- List Of Free Web-based OpenSource Tools For Incident Response
-
Custom DFIR
However, what you are trying to do has already been done. For collections look at velociraptor's offline collector https://github.com/Velocidex/velociraptor. For processing check out Log2Timeline (plaso) https://github.com/log2timeline/plaso.
- New blue team
-
We are a security team with 20+ years of ethical hacking, and we've defended over 2 million attacks with Blumira. Ask Us Anything.
https://github.com/Velocidex/velociraptor - purchased recently but still a great tool
What are some alternatives?
auditd - Best Practice Auditd Configuration
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Shuffle - Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.
grr - GRR Rapid Response: remote live forensics for incident response
robodroid-library - Curated list of Frida scripts for RoboDroid to run pre-defined behaviors.
TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
adversary_emulation_library - An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
sigma - Main Sigma Rule Repository
AtomicPurpleTeam - Atomic Purple Team Framework and Lifecycle
dfirtrack - DFIRTrack - The Incident Response Tracking Application
sysmon-modular - A repository of sysmon configuration modules
cariddi - Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more