In general I'm going to take the somewhat oppositional standpoint and say that all of these tools are damned similar in the grand scheme of it all. I think if you have the time you're better off implementing Sysmon across your entire Windows environment and utilizing Sigma or similar to quickly improve your behavior detections, and instead depending on your EDRs to handle known signature-based detections.
https://thehive-project.org/ - of course :)
https://github.com/wazuh/wazuh - Elastic is a PITA to grow but works well for viz
https://github.com/google/grr - great as a homegrown agent
https://github.com/Velocidex/velociraptor - purchased recently but still a great tool
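As an added example (not part of the comment above or of any of the linked projects), here is a small Python matcher that applies a Sigma-style rule to Sysmon process-creation events. The rule, the events and the function names are assumptions constructed for illustration; it implements only the `contains`/`startswith`/`endswith` modifiers and the and/or/not condition grammar, which is enough to show what a behavior detection (Office application spawning a shell) looks like on top of Sysmon Event ID 1 data, including an allowlist filter for a known-good child process.

```python
import re

# Constructed Sysmon-like events (Event ID 1 = process creation, 3 = network
# connection). Not real log data; paths and command lines are illustrative.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "cmd.exe /c whoami"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe report.txt"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": "powershell.exe -nop -w hidden"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs", "DestinationPort": 443},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'cmd.exe /c "C:\Program Files\Contoso\update.cmd"'},
]

# Hypothetical rule in Sigma's structure (real rules are YAML with the same shape).
RULE = {
    "title": "Office application spawning a shell (constructed example)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "EventID": 1,
            "ParentImage|endswith": ["\\WINWORD.EXE", "\\EXCEL.EXE", "\\POWERPNT.EXE"],
            "Image|endswith": ["\\cmd.exe", "\\powershell.exe", "\\wscript.exe"],
        },
        # Allowlist for a known internal updater (constructed path).
        "filter": {"CommandLine|contains": "\\Contoso\\update.cmd"},
        "condition": "selection and not filter",
    },
}

# Sigma string matching is case-insensitive by default.
MODIFIERS = {
    "contains": lambda value, pat: pat.lower() in value.lower(),
    "startswith": lambda value, pat: value.lower().startswith(pat.lower()),
    "endswith": lambda value, pat: value.lower().endswith(pat.lower()),
}


def field_matches(event, key, pattern):
    """Match one 'Field|modifier': value (or list of values, ORed) entry."""
    field, _, modifier = key.partition("|")
    if field not in event:          # missing field never matches
        return False
    value = str(event[field])
    patterns = pattern if isinstance(pattern, list) else [pattern]
    if not modifier:
        return any(value.lower() == str(p).lower() for p in patterns)
    if modifier not in MODIFIERS:
        raise ValueError(f"unsupported modifier: {modifier}")
    return any(MODIFIERS[modifier](value, str(p)) for p in patterns)


def selection_matches(event, selection):
    """All entries of a selection map are ANDed."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def evaluate_condition(condition, results):
    """Evaluate 'selection and not filter'-style conditions (and/or/not,
    parentheses) against per-selection booleans without using eval()."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def parse_or():
        value = parse_and()
        while peek() == "or":
            take()
            rhs = parse_and()       # always consume the operand, no short-circuit
            value = value or rhs
        return value

    def parse_and():
        value = parse_not()
        while peek() == "and":
            take()
            rhs = parse_not()
            value = value and rhs
        return value

    def parse_not():
        if peek() == "not":
            take()
            return not parse_not()
        if peek() == "(":
            take()
            value = parse_or()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        name = take()
        if name not in results:
            raise ValueError(f"unknown selection name: {name}")
        return results[name]

    value = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return value


def match_rule(rule, event):
    detection = rule["detection"]
    results = {name: selection_matches(event, sel)
               for name, sel in detection.items() if name != "condition"}
    return evaluate_condition(detection["condition"], results)


def run(rule=RULE, events=EVENTS):
    """Return the CommandLine of every event the rule fires on."""
    return [e["CommandLine"] for e in events if match_rule(rule, e)]


if __name__ == "__main__":
    for hit in run():
        print(f"[{RULE['title']}] {hit}")
```

Run against the constructed events, the rule fires on the two Office-spawned shells and stays quiet on the explorer-launched notepad, the network event (wrong Event ID and no `ParentImage`), and the allowlisted updater that the `filter` selection removes.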