velociraptor
RedEye
velociraptor | RedEye | |
---|---|---|
5 | 7 | |
2,665 | 2,531 | |
2.6% | - | |
9.6 | 10.0 | |
3 days ago | 7 months ago | |
Go | TypeScript | |
GNU General Public License v3.0 or later | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
velociraptor
- How to carry out mass Digital Forensic Collections using open source tools?
- List Of Free Web-based OpenSource Tools For Incident Response
-
Custom DFIR
However, what you are trying to do has already been done. For collections look at velociraptor's offline collector https://github.com/Velocidex/velociraptor. For processing check out Log2Timeline (plaso) https://github.com/log2timeline/plaso.
- New blue team
-
We are a security team with 20+ years of ethical hacking, and we've defended over 2 million attacks with Blumira. Ask Us Anything.
https://github.com/Velocidex/velociraptor - purchased recently but still a great tool
RedEye
-
Can someone please help me install CISA's RedEye tool?
I want to assume that you downloaded the Linux version from this link: https://github.com/cisagov/RedEye/releases/download/v0.8.3/linux.zip
- Cisagov/RedEye: Red Team C2 Log Visualization
- New blue team
- Red Team C2 Log Visualization
- USG CISA - RedEye is a visual analytic tool supporting Red & Blue Team operations
- RedEye - a visual analytic tool supporting Red & Blue Team operations
What are some alternatives?
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
auditd - Best Practice Auditd Configuration
grr - GRR Rapid Response: remote live forensics for incident response
Shuffle - Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.
TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
robodroid-library - Curated list of Frida scripts for RoboDroid to run pre-defined behaviors.
sigma - Main Sigma Rule Repository
adversary_emulation_library - An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
dfirtrack - DFIRTrack - The Incident Response Tracking Application
AtomicPurpleTeam - Atomic Purple Team Framework and Lifecycle
cariddi - Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
sysmon-modular - A repository of sysmon configuration modules