An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
☆60Jan 30, 2018Updated 8 years ago
Alternatives and similar repositories for HistoricProcessTree
Users that are interested in HistoricProcessTree are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- An Incident Response tool to extract console command history and screen output buffer☆42Jan 11, 2018Updated 8 years ago
- Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection☆36Mar 14, 2018Updated 8 years ago
- This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.☆22Jan 30, 2018Updated 8 years ago
- Passive DNS server interface compliant to "Common Output Format"☆10Sep 19, 2016Updated 9 years ago
- Simple Powershell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline.☆32Oct 13, 2018Updated 7 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Triage automation for suspect URLs☆13Jul 23, 2019Updated 6 years ago
- Epimitheus is a tool that uses graphical database Neo4j for Windows Events visualization.☆19Mar 13, 2022Updated 4 years ago
- Signature engine for all your logs☆173Nov 13, 2023Updated 2 years ago
- Virus names generator☆28Feb 10, 2015Updated 11 years ago
- Auxiliary scripts for Incident Response with ELK☆11Oct 7, 2015Updated 10 years ago
- Splunk integration with MISP☆12Apr 14, 2018Updated 8 years ago
- Query and report user logons relations from MS Windows Security Events☆244Aug 9, 2018Updated 7 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆43Sep 21, 2023Updated 2 years ago
- Splunk app for Threat hunting☆15Nov 15, 2018Updated 7 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- ☆14May 30, 2018Updated 7 years ago
- Windows 10 Live Information viewer☆39Jan 27, 2022Updated 4 years ago
- This repo exists as a quick and dirty arsenal of methods and scripts to subvert .NET SSL/TLS certificate validation in PowerShell and pre…☆12Jan 28, 2017Updated 9 years ago
- Scripts for MacOS related tasks.☆18Feb 16, 2020Updated 6 years ago
- Triaging Windows event logs based on SANS Poster☆47Nov 22, 2025Updated 5 months ago
- CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools☆16Feb 26, 2026Updated 2 months ago
- IR-Tools - PowerShell tools for IR☆131Jul 10, 2017Updated 8 years ago
- Reconstruct process trees from event logs☆148Aug 12, 2020Updated 5 years ago
- A curses-style interface for automatic takedown notification based on MISP events.☆20Dec 11, 2020Updated 5 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- nmap/ndiff based scanner with template based notification system in case of infrastructure changes☆19Feb 16, 2018Updated 8 years ago
- Fix acquired .evt - Windows Event Log files (Forensics)☆18Mar 29, 2016Updated 10 years ago
- Malware Classifier From Network Captures☆82Jan 27, 2017Updated 9 years ago
- Threat hunting repo for my independent study on threat hunting with OSQuery☆27Jan 16, 2018Updated 8 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆219Jul 17, 2020Updated 5 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆24Jul 9, 2021Updated 4 years ago
- A GC link parser for both linkfiles and jumplists.☆18Oct 28, 2016Updated 9 years ago
- The Suspicious Email Submitter is a discontinued browser extension (Chrome, Chromium, Firefox) for the easy submission of suspicious emai…☆15Mar 6, 2023Updated 3 years ago
- Another MISP module for Python☆18Feb 17, 2020Updated 6 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- PowerShell script useful for Incident Response and security/configuration baselines for Windows Vista and later☆20Feb 23, 2016Updated 10 years ago
- Passive Bitcoin Project☆10Aug 10, 2015Updated 10 years ago
- Yara rules☆21Mar 27, 2023Updated 3 years ago
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.☆57Mar 18, 2022Updated 4 years ago
- ⚠️ ARCHIVED**: This repository is no longer actively maintained. All Sigma rules are now managed and available in SIEM Rules☆12Mar 19, 2026Updated last month
- This script is used for extracting DDE in docx and xlsx☆12Dec 8, 2017Updated 8 years ago
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)☆37Jan 2, 2024Updated 2 years ago