TheHive
dfir-orc
| | TheHive | dfir-orc |
|---|---|---|
| Mentions | 13 | 1 |
| Stars | 2,459 | 263 |
| Growth | 2.5% | 3.4% |
| Activity | 8.9 | 8.9 |
| Latest commit | 6 days ago | about 2 months ago |
| Language | Scala | C++ |
| License | GNU Affero General Public License v3.0 | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
TheHive
- What are good ways to organize notes during an incident? CISObox?
Take a look at TheHive! It's free, as long as you can spend some cycles hosting, maintaining, and updating it. I was able to stand up a basic instance within an hour or so, plus they have a really useful demo VM prebuilt that lets you literally import a demo instance to play around with.
- We are a security team with 20+ years of ethical hacking, and we've defended over 2 million attacks with Blumira. Ask Us Anything.
https://thehive-project.org/ - of course :)
- Ran across this in a hacking penetration group. Thought it was pretty interesting. A little too much so and a little too ironic to not mean something.
- SOC people, what are your goto websites for checking domain/IP reputation?
IntelOwl TheHive
- Top 20 Open-source tools for every Blue Teamer
Its official website: https://thehive-project.org
- I want to buy a SIEM, but I don't know which one
I also recommend checking out TheHive Project and Cortex. I used these in my SOC days and was super impressed with features, like linking incidents automatically based on reported IOCs. TheHive runs on elasticsearch under the hood, too.
- What's in your toolkit?
We used to use TheHive and really liked it. The IoC tracking and case linking was very nice. And the Cortex integrations were awesome. And then manglement dictated a single ticket system to rule them all. Since they didn't bother to purchase the IR module, we're stuck with a subpar system which I'll leave nameless.
- Need evidence management software recommendation
Depending on what you need TheHive might be a sufficient open source solution: https://github.com/TheHive-Project/TheHive
- Are there any free / open source Evidence Management Systems?
- Looking for a solution for conducting investigations - organizing evidence, identifying patterns in log files, etc. Like digital forensics/intelligence gathering maybe? More details inside.
Maybe TheHive?
dfir-orc
- Standard artifact gathering script
Looks great! Will dig into that. It looks like French ANSSI's DFIR-ORC. Maybe a good solution.
What are some alternatives?
Aurora-Incident-Response - Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
Wazuh - Wazuh - The Open Source Security Platform
dislocker - FUSE driver to read/write Windows' BitLocker-ed volumes under Linux / Mac OSX
Kuiper - Digital Forensics Investigation Platform
velociraptor - Digging Deeper....
CortexDocs - Documentation of Cortex
dfirtrack - DFIRTrack - The Incident Response Tracking Application
CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
grr - GRR Rapid Response: remote live forensics for incident response
vast - :crystal_ball: Visibility Across Space and Time – The network telemetry engine for data-driven security investigations.
scala-pet-store - An implementation of the java pet store using FP techniques in scala
beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.