| | dfir-orc | zeek |
|---|---|---|
| | 1 | 1 |
| Stars | 356 | 5,942 |
| Growth | 0.3% | 1.5% |
| Activity | 8.9 | 9.9 |
| Last commit | 3 months ago | 7 days ago |
| Language | C++ | C++ |
| License | GNU Lesser General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dfir-orc - Standard artifact gathering script
Looks great! Will dig into that. It looks like French ANSSI's DFIR-ORC. Maybe a good solution.
zeek - Suricata VS zeek - a user suggested alternative
2 projects | 2 Jan 2024
What are some alternatives?
TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
awesome-incident-response - A curated list of tools for incident response
arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
tenzir - Open source security data pipelines.
Cortex - Cortex: a Powerful Observable Analysis and Active Response Engine
beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
vast - VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.