In general I'm going to take the somewhat oppositional standpoint and say that all of these tools are damned similar in the grand scheme of it all. I think if you have the time you're better off implementing Sysmon across your entire Windows environment and utilize Sigma or similar to quickly improve your behavior detections and instead depend on your EDRs to handle known signature-based detections.
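To make the Sysmon + Sigma suggestion above concrete, here is an added example (not code from the comment author, Sysmon, or the Sigma project) that evaluates one Sigma-style behaviour rule against a handful of constructed Sysmon process-creation events. It re-implements only a small subset of Sigma's matching semantics (`field|modifier` keys, a list as OR, a map as AND, and the condition `selection and not filter`); the real pySigma/sigma-cli toolchain does far more, and the rule, the add-in path used in the filter, and the events are all made up for illustration.

```python
"""Toy evaluator for a Sigma-style rule over Sysmon process-creation events.

Added example: a minimal re-implementation of a subset of Sigma's matching
semantics (field|modifier keys, list = OR, map = AND, condition
'selection and not filter'). It is not the real pySigma/sigma-cli toolchain.
The rule and the events below are constructed for illustration only.
"""

# Constructed Sigma-like rule: an Office application spawning a shell.
# Shape mirrors community Sigma rules; this particular rule is written here,
# and "\\KnownGoodAddin\\" is a hypothetical whitelisted add-in path.
RULE = {
    "title": "Office Application Spawning Shell",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe", "\\powerpnt.exe"],
            "Image|endswith": ["\\powershell.exe", "\\cmd.exe", "\\wscript.exe"],
        },
        "filter": {
            "CommandLine|contains": "\\KnownGoodAddin\\",
        },
        "condition": "selection and not filter",
    },
    "level": "high",
}


def _field_matches(event, key, expected):
    """Compare one event field against a Sigma-style 'Field|modifier' key.
    A list of expected values is OR'd; matching is case-insensitive, as in Sigma."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False
    value = str(value).lower()
    candidates = expected if isinstance(expected, list) else [expected]
    for cand in candidates:
        cand = str(cand).lower()
        if modifier == "endswith" and value.endswith(cand):
            return True
        if modifier == "startswith" and value.startswith(cand):
            return True
        if modifier == "contains" and cand in value:
            return True
        if modifier == "" and value == cand:
            return True
    return False


def _block_matches(event, block):
    """A detection map matches only if every field in it matches (AND)."""
    return all(_field_matches(event, k, v) for k, v in block.items())


def rule_matches(rule, event):
    """Evaluate the rule's condition. Only the two simplest forms are supported."""
    det = rule["detection"]
    cond = det["condition"]
    if cond == "selection":
        return _block_matches(event, det["selection"])
    if cond == "selection and not filter":
        return _block_matches(event, det["selection"]) and not _block_matches(event, det["filter"])
    raise ValueError(f"unsupported condition: {cond}")


# Constructed Sysmon Event ID 1 (process creation) records, already flattened
# into dicts the way a SIEM pipeline would present them.
EVENTS = [
    {"EventID": 1,
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\Users\\alice\\AppData\\Local\\Temp\\update.ps1"},
    {"EventID": 1,
     "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c dir"},
    {"EventID": 1,
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c C:\\Addins\\KnownGoodAddin\\refresh.bat"},
]


def run_detection(rule, events):
    """Return the events the rule fires on."""
    return [e for e in events if rule_matches(rule, e)]


if __name__ == "__main__":
    for hit in run_detection(RULE, EVENTS):
        print(f"[{RULE['level']}] {RULE['title']}: {hit['ParentImage']} -> {hit['CommandLine']}")
```

Run as written, only the first event fires: Word spawning PowerShell is selected, explorer.exe spawning cmd.exe never enters the selection, and the Excel-to-cmd event is suppressed by the filter on the whitelisted add-in path. The filter block is the part worth copying in spirit: behaviour rules like this one are noisy until the known-good parents and command lines for your own environment are excluded, which is exactly the tuning loop Sysmon data plus a rule format such as Sigma makes repeatable.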
- https://thehive-project.org/ - of course :)
- https://github.com/wazuh/wazuh - Elastic is a PITA to grow but works well for viz
- https://github.com/google/grr - great as a homegrown agent
- https://github.com/Velocidex/velociraptor - purchased recently but still a great tool