We are a security team with 20+ years of ethical hacking, and we've defended over 2 million attacks with Blumira. Ask Us Anything.

• sigma

  41 7,624 9.8 Python

  Main Sigma Rule Repository

  

In general I'm going to take the somewhat oppositional standpoint and say that all of these tools are damned similar in the grand scheme of it all. I think if you have the time you're better off implementing Sysmon across your entire Windows environment and utilize Sigma or similar to quickly improve your behavior detections and instead depend on your EDRs to handle known signature-based detections.

• dfirtrack

  2 465 7.8 Python

  DFIRTrack - The Incident Response Tracking Application

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• TheHive

  24 3,166 0.0 Scala

  TheHive: a Scalable, Open Source and Free Security Incident Response Platform

  

https://thehive-project.org/ - of course :)

• Wazuh

  151 9,161 10.0 C

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  

https://github.com/wazuh/wazuh - Elastic is a PITA to grow but works well for viz

• grr

  5 4,651 6.3 Python

  GRR Rapid Response: remote live forensics for incident response

  

https://github.com/google/grr - great as a homegrown agent

• velociraptor

  5 2,654 9.6 Go

  Digging Deeper....

  

https://github.com/Velocidex/velociraptor - purchased recently but still a great tool

Suggest a related project