Foundstone/InvestigationPlaybookSpec external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Foundstone/InvestigationPlaybookSpec

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Foundstone/InvestigationPlaybookSpec)

Close

Foundstone / InvestigationPlaybookSpecView on GitHubMore

• External links
• Readme badge

InvestigationPlaybookSpec

☆71Sep 26, 2017Updated 8 years ago

Alternatives and similar repositories for InvestigationPlaybookSpec

Users that are interested in InvestigationPlaybookSpec are comparing it to the libraries listed below

• Foundstone / ExpertInvestigationGuides

  View on GitHub
  Expert Investigation Guides
  ☆51Mar 18, 2021Updated 5 years ago
• aboutsecurity / rastrea2r

  View on GitHub
  Collecting & Hunting for IOCs with gusto and style
  ☆117Aug 9, 2018Updated 7 years ago
• target / huntlib

  View on GitHub
  A Python library to help with some common threat hunting data analysis operations
  ☆142Apr 23, 2023Updated 2 years ago
• vi-or-die / TheHive4PS

  View on GitHub
  Powershell Functions to interact with TheHive-Project
  ☆11Jun 27, 2019Updated 6 years ago
• GoateePFE / BlogScripts

  View on GitHub
  Random scripts posted for my blog at http://aka.ms/goateepfe
  ☆25Mar 30, 2017Updated 8 years ago
• DefensePointSecurity / threat_note

  View on GitHub
  DPS' Lightweight Investigation Notebook
  ☆433Dec 31, 2023Updated 2 years ago
• sroberts / sapho

  View on GitHub
  A homebrewed cyber threat intelligence solution
  ☆20Nov 20, 2012Updated 13 years ago
• CIRCL / traceroute-circl

  View on GitHub
  Traceroute improved wrapper for CSIRT and CERT operators
  ☆40Oct 9, 2024Updated last year
• aboutsecurity / Audit_Host-Baseline

  View on GitHub
  A set of Bash scripts that allows you to repeatably collect and compare baseline audit data from Linux and Windows systems
  ☆20Oct 19, 2013Updated 12 years ago
• rkovar / dns_detection

  View on GitHub
  Detecting DNS Spoofing, DNS Tunneling, DNS Exfiltration
  ☆36Sep 28, 2015Updated 10 years ago
• randomuserid / Adama

  View on GitHub
  Searches For Threat Hunting and Security Analytics
  ☆238Mar 26, 2025Updated 11 months ago
• JCyberSec / CTIURLScan

  View on GitHub
  CTI-URLScan is a command line tool to enable analysts to search URLscan.io submissions. Pull screenshot and DOM content. As well as, auto…
  ☆11Mar 2, 2021Updated 5 years ago
• HASecuritySolutions / LogCampaign

  View on GitHub
  Provides detection capabilities and log conversion to evtx or syslog capabilities
  ☆55Jul 1, 2022Updated 3 years ago
• JamesHabben / sysmon-queries

  View on GitHub
  Queries to parse sysmon event log file with microsoft logparser
  ☆58Mar 31, 2015Updated 10 years ago
• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆506Oct 21, 2022Updated 3 years ago
• olafhartong / detection-sources

  View on GitHub
  ☆53Mar 4, 2019Updated 7 years ago
• delimitry / compressed_rtf

  View on GitHub
  Compressed Rich Text Format (RTF) compression and decompression in Python
  ☆24Jun 29, 2025Updated 8 months ago
• conix-security / BTG

  View on GitHub
  BTG's purpose is to make fast and efficient search on IOC
  ☆71Nov 27, 2018Updated 7 years ago
• adulau / threat-intelligence.eu

  View on GitHub
  threat-intelligence.eu website and repository of information about open standards, documents, methodologies and processes in threat intel…
  ☆50Nov 3, 2025Updated 4 months ago
• UNIT777 / Email2TheHive

  View on GitHub
  This package allows for creating alerts in The Hive from emails retrieved from a Microsoft Exchange mailbox.
  ☆12Jul 13, 2017Updated 8 years ago
• JohnLaTwC / MacroJob

  View on GitHub
  Proof of concept VBA code to add to Normal.dot to put restrictions on Word
  ☆40Dec 20, 2016Updated 9 years ago
• brianwarehime / munk

  View on GitHub
  Munk - Visualize Splunk Architecture in Maltego
  ☆13Sep 19, 2014Updated 11 years ago
• uber-common / metta

  View on GitHub
  An information security preparedness tool to do adversarial simulation.
  ☆1,137Apr 1, 2019Updated 6 years ago
• yeti-platform / pyeti

  View on GitHub
  Python bindings for Yeti's API
  ☆19Sep 12, 2023Updated 2 years ago
• dougiep16 / actortrackr

  View on GitHub
  Home to the ActorTrackr source code
  ☆24Jun 21, 2017Updated 8 years ago
• citrix / ioc-scanner-CVE-2019-19781

  View on GitHub
  Indicator of Compromise Scanner for CVE-2019-19781
  ☆58Mar 25, 2020Updated 5 years ago
• MHaggis / app_splunk_sysmon_hunter

  View on GitHub
  Splunk App to assist Sysmon Threat Hunting
  ☆38Mar 7, 2017Updated 9 years ago
• WithSecureLabs / snake

  View on GitHub
  snake - a malware storage zoo
  ☆217Jul 11, 2023Updated 2 years ago
• DissectMalware / MalwareCMDMonitor

  View on GitHub
  Shows command lines used by latest instances analyzed on Hybrid-Analysis
  ☆43Sep 18, 2018Updated 7 years ago
• jordisk / TheHive2Sigma

  View on GitHub
  Python script to automatically create sigma rules from The hive observables
  ☆25Mar 17, 2019Updated 7 years ago
• TonyPhipps / Meerkat

  View on GitHub
  A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
  ☆480Nov 15, 2024Updated last year
• jonny-jhnson / Windows-API-To-Sysmon-Events

  View on GitHub
  A repository that maps API calls to Sysmon Event ID's.
  ☆121Nov 14, 2022Updated 3 years ago
• libyal / reviveit

  View on GitHub
  ReviveIT (revit) is a proof of concept file recovery tool (carver)
  ☆13Dec 3, 2020Updated 5 years ago
• spotify / terraform-google-grr

  View on GitHub
  A Terraform module for GRR: the distributed incident forensics and response framework
  ☆52May 6, 2020Updated 5 years ago
• IceMoonHSV / Sim

  View on GitHub
  C# User Simulation
  ☆33Oct 6, 2022Updated 3 years ago
• ThreatHuntingProject / hunter

  View on GitHub
  A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.
  ☆252Jul 19, 2021Updated 4 years ago
• certsocietegenerale / IRM-deprecated

  View on GitHub
  Incident Response Methodologies
  ☆1,018Aug 2, 2018Updated 7 years ago
• jepayneMSFT / WEFFLES

  View on GitHub
  Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
  ☆201Dec 11, 2017Updated 8 years ago
• truekonrads / kpulp

  View on GitHub
  Konrads' Pen-Ultimate (Windows) Log File Parser
  ☆14Dec 27, 2025Updated 2 months ago