Top 23 DFIR Open-Source Projects
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
I have an idea for a similar style website that I would like to create, and I was going to use GTFOBins as a template and amend it to fit my data, much like LOLBAS has.
zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Project mention: Suricata VS zeek - a user suggested alternative | libhunt.com/r/suricata | 2024-01-02
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Project mention: A fun new feature we are working on in systemd: userspace-only reboot | news.ycombinator.com | 2023-07-06
https://github.com/cugu/awesome-forensics#acquisition : Memory forensics acquisition tools: POFR: PenguinOS Flight Recorder, LIME
Project mention: My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device | /r/computerforensics | 2023-06-06
You should run a tool like Loki for IOC scanning. This will identify persistence: https://github.com/Neo23x0/Loki
Project mention: What are your go-to tools for task management and/or case work? | /r/cybersecurity | 2023-12-09
I had a quick test with TheHive; it looks pretty nice. https://thehive-project.org/
Project mention: Agent event queue is flooded. Check the agent configuration | /r/Wazuh | 2023-06-30
I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Project mention: Release v2.5.0 🦅 of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool | /r/blueteamsec | 2023-05-07
matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Sorry, that's https://matano.dev
beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
DFIR related posts
- RecuperaBit: A tool for forensic file system reconstruction
- A fun new feature we are working on in systemd: userspace-only reboot
- Sysmon 15.0 is out now with advanced features
- Advanced Hunting queries every admin should use
- LOOBins
- Release v2.5.0 🦅 of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool
- Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!
Index
What are some of the best open-source DFIR projects? This list will help you:

| # | Project | Stars |
|---|---|---|
| 1 | my-arsenal-of-aws-security-tools | 8,642 |
| 2 | awesome-incident-response | 7,038 |
| 3 | LOLBAS | 6,500 |
| 4 | zeek | 5,852 |
| 5 | DetectionLab | 4,476 |
| 6 | ThreatHunter-Playbook | 3,805 |
| 7 | awesome-forensics | 3,512 |
| 8 | Loki | 3,189 |
| 9 | TheHive | 3,166 |
| 10 | IntelOwl | 3,072 |
| 11 | chainsaw | 2,502 |
| 12 | timesketch | 2,470 |
| 13 | sysmon-modular | 2,463 |
| 14 | signature-base | 2,269 |
| 15 | EVTX-ATTACK-SAMPLES | 2,067 |
| 16 | hayabusa | 1,890 |
| 17 | cyberchef-recipes | 1,881 |
| 18 | yeti | 1,609 |
| 19 | MemLabs | 1,520 |
| 20 | matano | 1,334 |
| 21 | beagle | 1,250 |
| 22 | Cortex | 1,237 |
| 23 | threathunting | 1,099 |