Top 7 PowerShell Dfir Projects
A repository of sysmon configuration modules
Project mention: Is Windows Defender for Business any good? | reddit.com/r/cybersecurity | 2022-11-09
Agree. Harden your endpoints (if unsure where to start consider hardening kitty, https://github.com/scipag/HardeningKitty) and harden Defender (https://0ut3r.space/2022/03/06/windows-defender/). Add Sysmon with a good config (https://github.com/olafhartong/sysmon-modular) and you've reached a good starting point.
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Project mention: Work setup | reddit.com/r/pop_os | 2022-08-27
Detection Lab ELK: https://github.com/cyberdefenders/DetectionLabELK
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）
Project mention: Yamato-Security/WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ） | reddit.com/r/cyber_deception | 2021-12-26
Powering Up Incident Response with Power-Response
SQLite queries (by kacos2000)
Project mention: SQLite query repository? | reddit.com/r/computerforensics | 2022-01-20
https://github.com/kacos2000/Queries - Costas is very underappreciated. He's amazing
Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.
PowerShell Dfir related posts
Is Windows Defender for Business any good?
2 projects | reddit.com/r/cybersecurity | 9 Nov 2022
splunk sysmon events
2 projects | reddit.com/r/Splunk | 2 Apr 2022
Best monitoring software that works like event logs?
2 projects | reddit.com/r/sysadmin | 21 Feb 2022
Hosts making DNS queries to malicious site. How to dig deeper and find source?
2 projects | reddit.com/r/AskNetsec | 9 Feb 2022
Yamato-Security/WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）
1 project | reddit.com/r/cyber_deception | 26 Dec 2021
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs
1 project | reddit.com/r/purpleteamsec | 25 Dec 2021
This Visual Studio Code extension is for helping in the writing of Sysmon XML configuration files - now supports Sysmon for Linux schema
3 projects | reddit.com/r/blueteamsec | 17 Oct 2021
What are some of the best open-source Dfir projects in PowerShell? This list will help you: