An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
☆60Jan 30, 2018Updated 8 years ago
Alternatives and similar repositories for HistoricProcessTree
Users that are interested in HistoricProcessTree are comparing it to the libraries listed below
Sorting:
- An Incident Response tool to extract console command history and screen output buffer☆42Jan 11, 2018Updated 8 years ago
- Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection☆36Mar 14, 2018Updated 8 years ago
- This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.☆22Jan 30, 2018Updated 8 years ago
- Passive DNS server interface compliant to "Common Output Format"☆10Sep 19, 2016Updated 9 years ago
- Simple Powershell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline.☆32Oct 13, 2018Updated 7 years ago
- Triage automation for suspect URLs☆13Jul 23, 2019Updated 6 years ago
- Epimitheus is a tool that uses graphical database Neo4j for Windows Events visualization.☆19Mar 13, 2022Updated 4 years ago
- Signature engine for all your logs☆172Nov 13, 2023Updated 2 years ago
- Virus names generator☆28Feb 10, 2015Updated 11 years ago
- Auxiliary scripts for Incident Response with ELK☆11Oct 7, 2015Updated 10 years ago
- Splunk integration with MISP☆12Apr 14, 2018Updated 7 years ago
- Query and report user logons relations from MS Windows Security Events☆243Aug 9, 2018Updated 7 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆43Sep 21, 2023Updated 2 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- Splunk app for Threat hunting☆15Nov 15, 2018Updated 7 years ago
- ☆14May 30, 2018Updated 7 years ago
- This repo exists as a quick and dirty arsenal of methods and scripts to subvert .NET SSL/TLS certificate validation in PowerShell and pre…☆12Jan 28, 2017Updated 9 years ago
- Scripts for MacOS related tasks.☆18Feb 16, 2020Updated 6 years ago
- Triaging Windows event logs based on SANS Poster☆48Nov 22, 2025Updated 3 months ago
- CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools☆16Feb 26, 2026Updated 3 weeks ago
- IR-Tools - PowerShell tools for IR☆130Jul 10, 2017Updated 8 years ago
- Reconstruct process trees from event logs☆147Aug 12, 2020Updated 5 years ago
- A curses-style interface for automatic takedown notification based on MISP events.☆20Dec 11, 2020Updated 5 years ago
- nmap/ndiff based scanner with template based notification system in case of infrastructure changes☆19Feb 16, 2018Updated 8 years ago
- Fix acquired .evt - Windows Event Log files (Forensics)☆18Mar 29, 2016Updated 9 years ago
- Malware Classifier From Network Captures☆82Jan 27, 2017Updated 9 years ago
- Threat hunting repo for my independent study on threat hunting with OSQuery☆27Jan 16, 2018Updated 8 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆219Jul 17, 2020Updated 5 years ago
- A GC link parser for both linkfiles and jumplists.☆18Oct 28, 2016Updated 9 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆24Jul 9, 2021Updated 4 years ago
- The Suspicious Email Submitter is a discontinued browser extension (Chrome, Chromium, Firefox) for the easy submission of suspicious emai…☆15Mar 6, 2023Updated 3 years ago
- Another MISP module for Python☆18Feb 17, 2020Updated 6 years ago
- DNS Dashboard for hunting and identifying beaconing☆16Jul 29, 2020Updated 5 years ago
- PowerShell script useful for Incident Response and security/configuration baselines for Windows Vista and later☆20Feb 23, 2016Updated 10 years ago
- Passive Bitcoin Project☆10Aug 10, 2015Updated 10 years ago
- Yara rules☆22Mar 27, 2023Updated 2 years ago
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.☆58Mar 18, 2022Updated 4 years ago
- ⚠️ ARCHIVED**: This repository is no longer actively maintained. All Sigma rules are now managed and available in SIEM Rules☆12Updated this week
- This script is used for extracting DDE in docx and xlsx☆12Dec 8, 2017Updated 8 years ago