#Incident-response
Showing 60 of 160 repositories tagged #incident-response, ranked by stars
817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
A curated list of Site Reliability and Production Engineering resources.
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
A curated list of tools for incident response
Complete open-source monitoring and observability platform.
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
IntelOwl: manage your Threat Intelligence at scale
Volatility 3.0 development
Tools and Techniques for Blue Team / Incident Response
Digging Deeper....
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
SRE Agent - CNCF Sandbox Project
🕵️ OSINT Tools for gathering information and actions forensics 🕵️
A curated knowledge base to build, run and mature a SOC (including CSIRT).
Awesome Security lists for SOC/CERT/CTI
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
A collection of postmortem templates
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
ThePhish: an automated phishing email analysis tool
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Watcher - Open Source AI-powered Cyber Threat Intelligence & Hunting Platform. Developed with Django & React JS.
Wazuh - Docker containers
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
FAME Automates Malware Evaluation
A collection of resources for Threat Hunters
Open source templates you can use to bootstrap your security programs
Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
Digital Forensics Investigation Platform
A concise, directive, specific, flexible, and free incident response plan template
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Tenzir is the data pipeline engine for security teams.
Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
OPCDE Cybersecurity Conference Materials
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.
An opensource incident management platform integrating with Slack.
A curated list of awesome Memory Forensics for DFIR
Wazuh - Ruleset
Plugins for Wazuh Dashboard
AssemblyLine 4: File triage and malware analysis
Fast and efficient osquery management
Free educational courses in cybersecurity, reverse engineering, malware analysis, and programming designed to expand access, build practical skills, and support the next generation of cyber defenders.
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Cover various security approaches to attack techniques and also provides new discoveries about security breaches.
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Automatically capture and surface your team's tribal knowledge
Cyber Incident Response Team Playbook Battle Cards
Wazuh - Ansible playbook
An ops AI Agent that understands your infrastructure, finds the root cause, and fixes it — right from Slack, Telegram, Lark or DingTalk.
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Open-source AI copilot that lets you chat with your observability data and code 🧙♂️
Cloud-ops automation runbooks that are ready to use. Build your own automations using the hundreds of drag and drop actions included in the repository. Built on Jupyter Notebooks, our automation platform jumpstarts your SRE RunBook creation. 😎 published by the unSkript community.