DFIR-ORC / dfir-orc-config
Configurations for DFIR ORC
☆27 (updated last year)
Alternatives and similar repositories for dfir-orc-config:
- Extract BITS jobs from QMGR queue and store them as CSV records (☆75, updated 2 months ago)
- evtx2json extracts events of interest from event logs, dedups them, and exports them to json. (☆41, updated 3 years ago)
- Generate YARA rules for OOXML documents. (☆38, updated last year)
- A Splunk Technology Add-on to forward filtered ETW events. (☆30, updated 4 years ago)
- Community modules for FAME (☆65, updated 2 months ago)
- A list of Mitre Caldera compatible emulation-plans (☆14, updated 4 years ago)
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree… (☆60, updated 7 years ago)
- Repository with selected IOCs and YARA rules for threat hunting. (☆35, updated 3 months ago)
- Threat intelligence and threat detection indicators (IOC, IOA) (☆52, updated 4 years ago)
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database. (☆64, updated 2 years ago)
- Documentation for DFIR ORC, artefact collection tool dedicated to Microsoft Windows (☆12, updated 3 weeks ago)
- The core backend server handling API requests and task management (☆38, updated 2 weeks ago)
- pocket guide for core threat hunting concepts (☆23, updated 4 years ago)
- MasterParser is a simple, all-in-one, digital forensics artifact parser (☆22, updated 3 years ago)
- Windows file metadata / forensic tool. (☆18, updated 7 months ago)
- ConventionEngine - A Yara Rulepack for PDB Path Hunting (☆38, updated 2 years ago)
- Alternative YARA scanning engine (☆70, updated 2 years ago)
- Tracking APT IOCs (☆25, updated 4 years ago)
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine. (☆76, updated 3 years ago)
- C# User Simulation (☆32, updated 2 years ago)
- Merge all Yara rules from official Yara github repository in one .yar file (☆29, updated 6 years ago)
- 100 Days of YARA to be updated with rules & ideas as the year progresses (☆60, updated 2 years ago)
- THOR Thunderstorm Collectors (☆24, updated 3 weeks ago)
- Scripts and tools accompanying HP Threat Research blog posts and reports. (☆50, updated last year)
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction (☆76, updated last year)
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting. (☆56, updated 3 years ago)
- Mass Triage Tools (☆20, updated 2 months ago)