dsiem
velociraptor
dsiem | velociraptor | |
---|---|---|
3 | 5 | |
431 | 2,654 | |
0.2% | 2.1% | |
6.0 | 9.6 | |
about 1 month ago | 7 days ago | |
Go | Go | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dsiem
velociraptor
- How to carry out mass Digital Forensic Collections using open source tools?
- List Of Free Web-based OpenSource Tools For Incident Response
-
Custom DFIR
However, what you are trying to do has already been done. For collections look at velociraptor's offline collector https://github.com/Velocidex/velociraptor. For processing check out Log2Timeline (plaso) https://github.com/log2timeline/plaso.
- New blue team
-
We are a security team with 20+ years of ethical hacking, and we've defended over 2 million attacks with Blumira. Ask Us Anything.
https://github.com/Velocidex/velociraptor - purchased recently but still a great tool
What are some alternatives?
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
go-stash - go-stash is a high performance, free and open source server-side data processing pipeline that ingests data from Kafka, processes it, and then sends it to ElasticSearch.
grr - GRR Rapid Response: remote live forensics for incident response
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
RedEye - RedEye is a visual analytic tool supporting Red & Blue Team operations
sigma - Main Sigma Rule Repository
sysmon-modular - A repository of sysmon configuration modules
dfirtrack - DFIRTrack - The Incident Response Tracking Application
adversary_emulation_library - An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
cariddi - Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more