Python incident-response

Open-source Python projects categorized as incident-response

Top 23 Python incident-response Projects

incident-response
  1. IntelOwl

    IntelOwl: manage your Threat Intelligence at scale

  2. volatility3

    Volatility 3.0 development

    Project mention: Memory Dump Analysis | Kali Linux | dev.to | 2024-09-17

    Clone the Volatility 3 repository: > git clone https://github.com/volatilityfoundation/volatility3.git

  3. tracecat

    Open source Tines / Splunk SOAR alternative. All-in-one automation platform (workflows, tables, cases) for security and IT teams.

    Project mention: N8n – Open-source Zapier alternative | news.ycombinator.com | 2025-05-03

  4. Bashfuscator

    A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

  5. Incident-Playbook

    GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

  6. APT-Hunter

    APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset, that detects APT movements hidden in the sea of Windows event logs and decreases the time needed to uncover suspicious activity.

  7. beagle

    Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

  8. ThePhish

    ThePhish: an automated phishing email analysis tool

  9. iris-web

    Collaborative Incident Response platform

  10. intelmq

    IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

  11. holmesgpt

    Your 24/7 On-Call AI Agent - Solve Alerts Faster with Automatic Correlations, Investigations, and More

    Project mention: AI with Kubernetes: Operations for Developers 🤖 | dev.to | 2025-03-30

    HolmesGPT, from Robusta, is a tool that simplifies Kubernetes troubleshooting. It investigates issues automatically, requiring no prior expertise. Use it via the Robusta SaaS platform or CLI with queries like holmes ask "what pods are unhealthy and why?".

  12. Watcher

    Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. (by Felix83000)

  13. CyberThreatHunting

    A collection of resources for Threat Hunters

  14. atc-react

    A knowledge base of actionable Incident Response techniques

  15. incidental

    An open-source incident management platform integrating with Slack.

    Project mention: Ask HN: What are you working on (August 2024)? | news.ycombinator.com | 2024-08-24

    I'm working on https://github.com/incidentalhq/incidental

    It's an incident management platform, similar to Pagerduty, Rootly or FireHydrant.

    It's the first side project I've open-sourced, and I've been hacking on it weekends and nights. Hoping to get a few companies to start using it to get some early feedback.

  16. dfirtrack

    DFIRTrack - The Incident Response Tracking Application

  17. misp-taxonomies

    Taxonomies used in the MISP taxonomy system; they can also be used by other information sharing tools.

  18. assisted-log-enabler-for-aws

    Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.

  19. TheHive4py

    Python API Client for TheHive

  20. cradle

    CRADLE is a collaborative platform for Cyber Threat Intelligence analysts. It streamlines threat investigations with integrated note-taking, automated data linking, interactive visualizations, and robust access control. Enhance your CTI workflow from analysis to reporting, all in one secure space. (by prodaft)

    Project mention: Cradle – Collaborative Threat Intelligence Hub | news.ycombinator.com | 2025-03-18

  21. kc7

    A cybersecurity game in Azure Data Explorer

  22. mediator

    An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding. (by lawndoc)

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Python incident-response related posts

  • Show HN: I am building an open-source incident management platform

    3 projects | news.ycombinator.com | 8 Jul 2024
  • Volatility 3 2.4.1 - New Linux and Windows plugins

    1 project | /r/blueteamsec | 22 Apr 2023
  • Using volatility 3 to retrieve clipboard contents

    1 project | /r/computerforensics | 27 Mar 2023
  • Report tips and note taking tips

    4 projects | /r/computerforensics | 21 Mar 2023
  • DataSurgeon: Quickly Extracts IP's, Email Addresses, Hashes, Files, URLs, Phone numbers and more from text

    4 projects | /r/programming | 3 Mar 2023
  • Custom DFIR

    5 projects | /r/computerforensics | 9 Feb 2023
  • How to conduct a security assessment of AWS?

    3 projects | /r/AskNetsec | 8 Dec 2022

Index

What are some of the best open-source incident-response projects in Python? This list will help you:

# Project Stars
1 IntelOwl 4,158
2 volatility3 3,208
3 tracecat 2,820
4 Bashfuscator 1,766
5 Incident-Playbook 1,466
6 APT-Hunter 1,340
7 beagle 1,314
8 ThePhish 1,239
9 iris-web 1,209
10 intelmq 1,049
11 holmesgpt 1,038
12 Watcher 930
13 CyberThreatHunting 890
14 atc-react 637
15 incidental 547
16 dfirtrack 519
17 misp-taxonomies 278
18 assisted-log-enabler-for-aws 256
19 TheHive4py 228
20 cradle 238
21 kc7 172
22 mediator 99
23 aws-incident-response-playbooks-workshop 91