WithSecureLabs/detectree external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

WithSecureLabs/detectree

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/WithSecureLabs/detectree)

Close

WithSecureLabs / detectreeView on GitHubMore

• External links
• Readme badge

Data visualization for blue teams

☆126Jan 20, 2023Updated 3 years ago

Alternatives and similar repositories for detectree

Users that are interested in detectree are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• ST1LLY / dc-sonar

  View on GitHub
  Analyzing AD domains for security risks related to user accounts
  ☆64Nov 11, 2022Updated 3 years ago
• kacos2000 / Evtx_Log_Browser

  View on GitHub
  Evtx Log (xml) Browser
  ☆59Mar 12, 2023Updated 3 years ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆266Nov 25, 2023Updated 2 years ago
• Maboalenen / DFIR

  View on GitHub
  Incident response teams usually working on the offline data, collecting the evidence, then analyze the data
  ☆46Jan 2, 2022Updated 4 years ago
• Harvester57 / CodeIntegrity-DriverBlocklist

  View on GitHub
  ☆20May 30, 2025Updated 10 months ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• theflakes / reg_hunter

  View on GitHub
  Blueteam operational triage registry hunting/forensic tool.
  ☆149Sep 2, 2025Updated 7 months ago
• olafhartong / sysmon-modular-linux

  View on GitHub
  A repository of Sysmon For Linux configuration modules
  ☆16Oct 14, 2021Updated 4 years ago
• wagga40 / Zircolite

  View on GitHub
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆801Updated this week
• BushidoUK / Exploring-APT-campaigns

  View on GitHub
  Further investigation in to APT campaigns disclosed by private security firms and security agencies
  ☆86Jun 4, 2022Updated 3 years ago
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆867Jan 20, 2022Updated 4 years ago
• airbus-cert / Winshark

  View on GitHub
  A wireshark plugin to instrument ETW
  ☆582Jan 28, 2022Updated 4 years ago
• JeffMichelmore / MDEKit

  View on GitHub
  ☆43Oct 11, 2023Updated 2 years ago
• ion-storm / sysmon-edr

  View on GitHub
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆223May 1, 2021Updated 4 years ago
• FalconForceTeam / FalconHound

  View on GitHub
  FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…
  ☆819Mar 6, 2026Updated last month
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• WithSecureLabs / chainsaw

  View on GitHub
  Rapidly Search and Hunt through Windows Forensic Artefacts
  ☆3,497Apr 1, 2026Updated last week
• Johnng007 / Black-Widow

  View on GitHub
  A collection of Script for Red Team & Incidence Response
  ☆11Jun 30, 2022Updated 3 years ago
• magnusstubman / tokenduplicator

  View on GitHub
  Tool to start processes as SYSTEM using token duplication
  ☆37Oct 27, 2020Updated 5 years ago
• PayloadSecurity / Sandbox_Scryer

  View on GitHub
  ☆223Sep 8, 2022Updated 3 years ago
• lucky-luk3 / Grafiki

  View on GitHub
  Threat Hunting tool about Sysmon and graphs
  ☆337May 28, 2023Updated 2 years ago
• cyentific-rni / cacao-json-schemas

  View on GitHub
  JSON schemas for validating CACAO Security Playbooks. Note: In December 2023, Cyentific AS offered and transferred the content of this re…
  ☆19Dec 15, 2023Updated 2 years ago
• microsoft / msticpy

  View on GitHub
  Microsoft Threat Intelligence Security Tools
  ☆1,955Mar 25, 2026Updated 2 weeks ago
• SadProcessor / EzETW

  View on GitHub
  Cmdlets for capturing Windows Events
  ☆14Mar 11, 2022Updated 4 years ago
• NextronSystems / CyberChef

  View on GitHub
  CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition
  ☆65Aug 10, 2022Updated 3 years ago
• NordVPN Special Discount Offer • Ad
  Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
• neolea / neolea-training-materials

  View on GitHub
  Open source training materials for law-enforcement and organisations interested in DFIR.
  ☆63May 30, 2025Updated 10 months ago
• threathunters-io / laurel

  View on GitHub
  Transform Linux Audit logs for SIEM usage
  ☆824Mar 5, 2026Updated last month
• cado-security / varc

  View on GitHub
  Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…
  ☆254Nov 18, 2024Updated last year
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,541Jan 24, 2023Updated 3 years ago
• stuhli / awesome-event-ids

  View on GitHub
  Collection of Event ID ressources useful for Digital Forensics and Incident Response
  ☆644Jun 19, 2024Updated last year
• alphasoc / flightsim

  View on GitHub
  A utility to safely generate malicious network traffic patterns and evaluate controls.
  ☆1,361Apr 4, 2024Updated 2 years ago
• msdirtbag / ADXFlowmaster

  View on GitHub
  ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.
  ☆39Oct 30, 2024Updated last year
• dfir-iris / iris-web

  View on GitHub
  Collaborative Incident Response platform
  ☆1,458Feb 16, 2026Updated last month
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• phackt / wptsextensions.dll

  View on GitHub
  WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.
  ☆56Jun 30, 2021Updated 4 years ago
• gtworek / VolatileDataCollector

  View on GitHub
  ☆216Dec 2, 2025Updated 4 months ago
• cyberark / RPCMon

  View on GitHub
  RPC Monitor tool based on Event Tracing for Windows
  ☆390Aug 19, 2024Updated last year
• Cyb3r-Monk / RITA-J

  View on GitHub
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆209Jul 21, 2022Updated 3 years ago
• 00010111 / smbtimeline

  View on GitHub
  ☆35Oct 20, 2024Updated last year
• tsale / EDR-Telemetry

  View on GitHub
  This project aims to compare and evaluate the telemetry of various EDR products.
  ☆1,942Mar 26, 2026Updated 2 weeks ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,732Mar 20, 2024Updated 2 years ago