velociraptor
dsiem
velociraptor | dsiem | |
---|---|---|
5 | 3 | |
2,665 | 431 | |
2.6% | 0.2% | |
9.6 | 6.0 | |
3 days ago | 2 days ago | |
Go | Go | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
velociraptor
- How to carry out mass Digital Forensic Collections using open source tools?
- List Of Free Web-based OpenSource Tools For Incident Response
-
Custom DFIR
However, what you are trying to do has already been done. For collections look at velociraptor's offline collector https://github.com/Velocidex/velociraptor. For processing check out Log2Timeline (plaso) https://github.com/log2timeline/plaso.
- New blue team
-
We are a security team with 20+ years of ethical hacking, and we've defended over 2 million attacks with Blumira. Ask Us Anything.
https://github.com/Velocidex/velociraptor - purchased recently but still a great tool
dsiem
What are some alternatives?
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
grr - GRR Rapid Response: remote live forensics for incident response
go-stash - go-stash is a high performance, free and open source server-side data processing pipeline that ingests data from Kafka, processes it, and then sends it to ElasticSearch.
TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
sigma - Main Sigma Rule Repository
RedEye - RedEye is a visual analytic tool supporting Red & Blue Team operations
dfirtrack - DFIRTrack - The Incident Response Tracking Application
sysmon-modular - A repository of sysmon configuration modules
cariddi - Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
adversary_emulation_library - An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.