TheHive VS DidierStevensSuite

TheHive is a versatile open-source solution for streamlining the investigation and prompt handling of security incidents. Seamlessly integrates with MISP to facilitate the transition from event analysis to investigation initiation, enabling efficient synchronization and export for collaborative threat detection and response. Moreover, coupling TheHive with Cortex empowers security professionals to efficiently analyze up to hundreds of observables. Timely-Lychee-5204 describes it as, "an open-source and scalable Security Incident Response Platform designed for handling incidents efficiently."

TheHive/Cortex - https://thehive-project.org/

I haven't done any IR myself, but I was thinking something like TheHive Project (open source) or similar proprietary IR toolsets would be common. But over on r/blueteamsec I just saw this post, where people claimed to be using:

There are so many of them in big data, e.g. Kafka, Spark, Flink, Delta, Snowplow, Finagle, Deequ, CMAK, OpenWhisk, Snowflake, TheHive, TVM-VTA, etc.

https://thehive-project.org/ - of course :)

I also recommend checking out TheHive Project and Cortex. I used these in my SOC days and was super impressed with features, like linking incidents automatically based on reported IOCs. TheHive runs on elasticsearch under the hood, too.

We used to use TheHive and really liked it. The IoC tracking and case linking was very nice. And the Cortex integrations were awesome. And then manglement dictated a single ticket system to rule them all. Since they didn't bother to purchase the IR module, we're stuck with a subpar system which I'll leave nameless.

Didier Stevens is a famous security researcher, but his instructions on how to scan pdf's require the terminal & many commands. I am hostile to this in general as I think it can all be implemented in a simple one click scan tool, instead. Which is what I am looking for. Here are all his relevant links & antivirus/anti-malware projects & tutorials: https://github.com/DidierStevens/DidierStevensSuite

This tool was built to fill a gap in the PDF assessment landscape. Didier Stevens's pdfid.py and pdf-parser.py are still the best game in town when it comes to PDF analysis tools but they lack in the visualization department and also don't give you much to work with as far as giving you a data model you can write your own code around. Peepdf seemed promising but turned out to be in a buggy, out of date, and more or less unfixable state. And neither of them offered much in the way of tooling for embedded binary analysis. Thus I felt the world might be slightly improved if I strung together a couple of more stable/well known/actively maintained open source projects (AnyTree, PyPDF2, and Rich) into this tool.

Didier Stevens Suite - He has a tool for everything.