Alternatives and similar repositories for CAST:

Users that are interested in CAST are comparing it to the libraries listed below

• NVISOsecurity / evtx-hunter
  evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
  ☆151Updated 3 years ago
• humio / security_monitoring
  ☆41Updated last year
• olafhartong / MDE-AuditCheck
  MDE relies on some of the Audit settings to be enabled
  ☆97Updated 2 years ago
• NextronSystems / CyberChef
  CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition
  ☆63Updated 2 years ago
• rtkwlf / wolf-tools
  Tools and scripts by Arctic Wolf
  ☆68Updated 10 months ago
• LaresLLC / SysmonConfigPusher
  Pushes Sysmon Configs
  ☆89Updated 3 years ago
• cisagov / ioc-scanner
  Search a filesystem for indicators of compromise (IoC).
  ☆70Updated 2 weeks ago
• thinkst / canary-utils
  Collection of useful Canary tools
  ☆75Updated 2 weeks ago
• NetSPI / PowerHunt
  PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.
  ☆65Updated 2 months ago
• invictus-ir / Blue-team-app-Office-365-and-Azure
  ☆72Updated 4 months ago
• p0w3rsh3ll / NetCease
  ☆60Updated 3 years ago
• SophosRapidResponse / OSQuery
  ☆83Updated last month
• jsecurity101 / Marvel-Lab
  A collection of Powershell scripts that will help automate the build process for a Marvel domain.
  ☆144Updated last year
• paladin316 / ThreatHunting
  This repo is where I store my Threat Hunting ideas/content
  ☆87Updated last year
• curated-intel / Log4Shell-IOCs
  A collection of intelligence about Log4Shell and its exploitation activity.
  ☆183Updated 3 years ago
• MHaggis / notes
  Full of public notes and Utilities
  ☆98Updated 3 weeks ago
• YossiSassi / Get-UserSession
  Query user sessions for the entire domain (Interactive/RDP etc), allowing you to query a Username and see all their logged on sessions, w…
  ☆90Updated last year
• netwrix / PingCastleCloud
  Audit program for AzureAD
  ☆146Updated last year
• CrowdStrike / Falcon-Toolkit
  Unleash the power of the Falcon Platform at the CLI
  ☆115Updated last month
• activecm / espy
  Endpoint detection for remote hosts for consumption by RITA and Elasticsearch
  ☆68Updated last year
• olafhartong / Presentations
  My conference presentations
  ☆66Updated last year
• atc-project / atc-data
  Actionable data for Security Operations
  ☆18Updated 3 years ago
• jangeisbauer / gundog
  gundog - guided hunting in Microsoft Defender
  ☆52Updated 3 years ago
• iknowjason / BlueCloud
  Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
  ☆128Updated 2 years ago
• swisscom / Invoke-Forensics
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆112Updated last year
• freeload101 / CrowdStrike_RTR_Powershell_Scripts
  ☆68Updated last year
• hackjalstead / IRCP
  A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments
  ☆65Updated 3 years ago
• jischell-msft / RemoteManagementMonitoringTools
  Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
  ☆84Updated 7 months ago
• OTRF / Set-AuditRule
  Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity
  ☆90Updated 3 years ago
• LuccaSA / PingCastle-Notify
  Monitor your PingCastle scans to highlight the rule diff between two scans
  ☆110Updated 6 months ago