WithSecureLabs/detectree external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

WithSecureLabs/detectree

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/WithSecureLabs/detectree)

Close

WithSecureLabs / detectreeView on GitHubMore

• External links
• Readme badge

Data visualization for blue teams

☆127Jan 20, 2023Updated 3 years ago

Alternatives and similar repositories for detectree

Users that are interested in detectree are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• ST1LLY / dc-sonar

  View on GitHub
  Analyzing AD domains for security risks related to user accounts
  ☆64Nov 11, 2022Updated 3 years ago
• kacos2000 / Evtx_Log_Browser

  View on GitHub
  Evtx Log (xml) Browser
  ☆59Mar 12, 2023Updated 3 years ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆266Nov 25, 2023Updated 2 years ago
• Harvester57 / CodeIntegrity-DriverBlocklist

  View on GitHub
  ☆20May 30, 2025Updated 11 months ago
• Maboalenen / DFIR

  View on GitHub
  Incident response teams usually working on the offline data, collecting the evidence, then analyze the data
  ☆47Jan 2, 2022Updated 4 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• theflakes / reg_hunter

  View on GitHub
  Blueteam operational triage registry hunting/forensic tool.
  ☆148Sep 2, 2025Updated 8 months ago
• olafhartong / sysmon-modular-linux

  View on GitHub
  A repository of Sysmon For Linux configuration modules
  ☆16Oct 14, 2021Updated 4 years ago
• wagga40 / Zircolite

  View on GitHub
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆806Apr 6, 2026Updated 3 weeks ago
• BushidoUK / Exploring-APT-campaigns

  View on GitHub
  Further investigation in to APT campaigns disclosed by private security firms and security agencies
  ☆86Jun 4, 2022Updated 3 years ago
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆869Jan 20, 2022Updated 4 years ago
• airbus-cert / Winshark

  View on GitHub
  A wireshark plugin to instrument ETW
  ☆587Jan 28, 2022Updated 4 years ago
• JeffMichelmore / MDEKit

  View on GitHub
  ☆44Oct 11, 2023Updated 2 years ago
• ion-storm / sysmon-edr

  View on GitHub
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆225May 1, 2021Updated 5 years ago
• FalconForceTeam / FalconHound

  View on GitHub
  FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…
  ☆820Apr 18, 2026Updated 2 weeks ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• WithSecureLabs / chainsaw

  View on GitHub
  Rapidly Search and Hunt through Windows Forensic Artefacts
  ☆3,523Apr 1, 2026Updated last month
• Johnng007 / Black-Widow

  View on GitHub
  A collection of Script for Red Team & Incidence Response
  ☆11Jun 30, 2022Updated 3 years ago
• magnusstubman / tokenduplicator

  View on GitHub
  Tool to start processes as SYSTEM using token duplication
  ☆37Oct 27, 2020Updated 5 years ago
• PayloadSecurity / Sandbox_Scryer

  View on GitHub
  ☆224Sep 8, 2022Updated 3 years ago
• lucky-luk3 / Grafiki

  View on GitHub
  Threat Hunting tool about Sysmon and graphs
  ☆339May 28, 2023Updated 2 years ago
• cyentific-rni / cacao-json-schemas

  View on GitHub
  JSON schemas for validating CACAO Security Playbooks. Note: In December 2023, Cyentific AS offered and transferred the content of this re…
  ☆19Dec 15, 2023Updated 2 years ago
• microsoft / msticpy

  View on GitHub
  Microsoft Threat Intelligence Security Tools
  ☆1,964Updated this week
• SadProcessor / EzETW

  View on GitHub
  Cmdlets for capturing Windows Events
  ☆14Mar 11, 2022Updated 4 years ago
• NextronSystems / CyberChef

  View on GitHub
  CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition
  ☆66Aug 10, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• neolea / neolea-training-materials

  View on GitHub
  Open source training materials for law-enforcement and organisations interested in DFIR.
  ☆63May 30, 2025Updated 11 months ago
• threathunters-io / laurel

  View on GitHub
  Transform Linux Audit logs for SIEM usage
  ☆827Apr 17, 2026Updated 2 weeks ago
• cado-security / varc

  View on GitHub
  Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…
  ☆254Nov 18, 2024Updated last year
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,555Jan 24, 2023Updated 3 years ago
• stuhli / awesome-event-ids

  View on GitHub
  Collection of Event ID ressources useful for Digital Forensics and Incident Response
  ☆647Jun 19, 2024Updated last year
• alphasoc / flightsim

  View on GitHub
  A utility to safely generate malicious network traffic patterns and evaluate controls.
  ☆1,363Apr 4, 2024Updated 2 years ago
• msdirtbag / ADXFlowmaster

  View on GitHub
  ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.
  ☆39Oct 30, 2024Updated last year
• dfir-iris / iris-web

  View on GitHub
  Collaborative Incident Response platform
  ☆1,475Apr 22, 2026Updated last week
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• phackt / wptsextensions.dll

  View on GitHub
  WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.
  ☆56Jun 30, 2021Updated 4 years ago
• gtworek / VolatileDataCollector

  View on GitHub
  ☆217Dec 2, 2025Updated 5 months ago
• cyberark / RPCMon

  View on GitHub
  RPC Monitor tool based on Event Tracing for Windows
  ☆392Aug 19, 2024Updated last year
• Cyb3r-Monk / RITA-J

  View on GitHub
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆209Jul 21, 2022Updated 3 years ago
• 00010111 / smbtimeline

  View on GitHub
  ☆35Oct 20, 2024Updated last year
• tsale / EDR-Telemetry

  View on GitHub
  This project aims to compare and evaluate the telemetry of various EDR products.
  ☆1,948Apr 24, 2026Updated last week
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,743Mar 20, 2024Updated 2 years ago