Netflix-Skunkworks/diffy external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Netflix-Skunkworks/diffy

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Netflix-Skunkworks/diffy)

Close

Netflix-Skunkworks / diffyView on GitHubMore

• External links
• Readme badge

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

☆631Jan 11, 2024Updated 2 years ago

Alternatives and similar repositories for diffy

Users that are interested in diffy are comparing it to the libraries listed below

• Netflix / repokid

  View on GitHub
  AWS Least Privilege for Distributed, High-Velocity Deployment
  ☆1,148Nov 24, 2025Updated 3 months ago
• Netflix / security_monkey

  View on GitHub
  Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  ☆4,372Feb 11, 2021Updated 5 years ago
• google / turbinia

  View on GitHub
  Automation and Scaling of Digital Forensics Tools
  ☆785Feb 19, 2026Updated last week
• Netflix-Skunkworks / skunky

  View on GitHub
  Marking instances dirty since 2018
  ☆47Apr 25, 2019Updated 6 years ago
• airbnb / binaryalert

  View on GitHub
  BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
  ☆1,443Dec 12, 2023Updated 2 years ago
• ThreatResponse / aws_ir

  View on GitHub
  Python installable command line utiltity for mitigation of host and key compromises.
  ☆347Jul 23, 2021Updated 4 years ago
• yampelo / beagle

  View on GitHub
  Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
  ☆1,339Dec 13, 2022Updated 3 years ago
• Netflix-Skunkworks / aardvark

  View on GitHub
  Aardvark is a multi-account AWS IAM Access Advisor API
  ☆483Oct 25, 2024Updated last year
• Netflix-Skunkworks / cloudtrail-anomaly

  View on GitHub
  ☆83Dec 5, 2019Updated 6 years ago
• ThreatResponse / margaritashotgun

  View on GitHub
  Remote Memory Acquisition Tool
  ☆253Sep 22, 2020Updated 5 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,486Jan 12, 2026Updated last month
• duo-labs / cloudtracker

  View on GitHub
  CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  ☆907Dec 17, 2021Updated 4 years ago
• duo-labs / cloudtrail-partitioner

  View on GitHub
  ☆157Jul 8, 2023Updated 2 years ago
• google / timesketch

  View on GitHub
  Collaborative forensic timeline analysis
  ☆3,271Feb 23, 2026Updated last week
• google / grr

  View on GitHub
  GRR Rapid Response: remote live forensics for incident response
  ☆5,040Feb 16, 2026Updated 2 weeks ago
• bfuzzy / auditd-attack

  View on GitHub
  A Linux Auditd rule set mapped to MITRE's Attack Framework
  ☆822Jul 8, 2020Updated 5 years ago
• yeti-platform / yeti

  View on GitHub
  Your Everyday Threat Intelligence
  ☆1,951Feb 12, 2026Updated 2 weeks ago
• andrewkrug / fargate-ir

  View on GitHub
  Proof of concept incident response demo using SSM and AWS Fargate.
  ☆14Dec 5, 2019Updated 6 years ago
• toniblyx / my-arsenal-of-aws-security-tools

  View on GitHub
  List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
  ☆9,405Oct 16, 2025Updated 4 months ago
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,428Nov 16, 2023Updated 2 years ago
• uber-common / metta

  View on GitHub
  An information security preparedness tool to do adversarial simulation.
  ☆1,139Apr 1, 2019Updated 6 years ago
• cartography-cncf / cartography

  View on GitHub
  Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powere…
  ☆3,729Updated this week
• duo-labs / cloudmapper

  View on GitHub
  CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
  ☆6,264Jul 15, 2024Updated last year
• duo-labs / parliament

  View on GitHub
  AWS IAM linting library
  ☆1,109Jan 7, 2026Updated last month
• TheHive-Project / TheHive

  View on GitHub
  TheHive is a Collaborative Case Management Platform, now distributed as a commercial version
  ☆3,890Jul 25, 2025Updated 7 months ago
• dfirtrack / dfirtrack

  View on GitHub
  DFIRTrack - The Incident Response Tracking Application
  ☆532Jan 13, 2026Updated last month
• ReversecLabs / leonidas

  View on GitHub
  Automated Attack Simulation in the Cloud, complete with detection use cases.
  ☆606Nov 28, 2024Updated last year
• certsocietegenerale / FIR

  View on GitHub
  Fast Incident Response
  ☆1,995Feb 17, 2026Updated last week
• airbnb / streamalert

  View on GitHub
  StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environme…
  ☆2,888Oct 23, 2023Updated 2 years ago
• RiotGames / cloud-inquisitor

  View on GitHub
  Enforce ownership and data security within AWS
  ☆446Oct 7, 2020Updated 5 years ago
• palantir / osquery-configuration

  View on GitHub
  A repository for using osquery for incident detection and response
  ☆881Sep 8, 2025Updated 5 months ago
• ForensicArtifacts / artifacts

  View on GitHub
  Digital Forensics artifact repository
  ☆1,207Feb 11, 2026Updated 2 weeks ago
• target / strelka

  View on GitHub
  Real-time, container-based file scanning at enterprise scale
  ☆975Updated this week
• nccgroup / PMapper

  View on GitHub
  A tool for quickly evaluating IAM permissions in AWS.
  ☆1,541Aug 2, 2024Updated last year
• Netflix-Skunkworks / stethoscope-app

  View on GitHub
  A desktop application that checks security-related settings and makes recommendations for improvements without requiring central device m…
  ☆464Sep 6, 2023Updated 2 years ago
• philhagen / sof-elk

  View on GitHub
  Configuration files for the SOF-ELK VM
  ☆1,719Jan 21, 2026Updated last month
• easttimor / aws-incident-response

  View on GitHub
  ☆374Feb 23, 2024Updated 2 years ago
• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆505Oct 21, 2022Updated 3 years ago
• arkadiyt / aws_public_ips

  View on GitHub
  Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
  ☆640Apr 29, 2021Updated 4 years ago