awslabs/aws-automated-incident-response-and-forensics external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

awslabs/aws-automated-incident-response-and-forensics

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/awslabs/aws-automated-incident-response-and-forensics)

Close

awslabs / aws-automated-incident-response-and-forensicsView on GitHubMore

• External links
• Readme badge

☆401Sep 25, 2023Updated 2 years ago

Alternatives and similar repositories for aws-automated-incident-response-and-forensics

Users that are interested in aws-automated-incident-response-and-forensics are comparing it to the libraries listed below

• aws-samples / aws-incident-response-playbooks

  View on GitHub
  ☆1,050Aug 22, 2025Updated 6 months ago
• google / cloud-forensics-utils

  View on GitHub
  Python library to carry out DFIR analysis on the Cloud
  ☆500Mar 2, 2026Updated last week
• invictus-ir / Invictus-AWS

  View on GitHub
  A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of …
  ☆198Jan 6, 2026Updated 2 months ago
• awslabs / aws-cloudsaga

  View on GitHub
  AWS CloudSaga - Simulate security events in AWS
  ☆473Updated this week
• easttimor / aws-incident-response

  View on GitHub
  ☆375Feb 23, 2024Updated 2 years ago
• aws-samples / aws-customer-playbook-framework

  View on GitHub
  This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.
  ☆649Updated this week
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,272Updated this week
• duo-labs / cloudtrail-partitioner

  View on GitHub
  ☆157Jul 8, 2023Updated 2 years ago
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆339Updated this week
• aws-samples / aws-incident-response-playbooks-workshop

  View on GitHub
  ☆97Feb 19, 2024Updated 2 years ago
• aws-samples / jupyter-notebook-for-incident-response

  View on GitHub
  A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide…
  ☆153Nov 15, 2023Updated 2 years ago
• adanalvarez / TrailDiscover

  View on GitHub
  An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…
  ☆174Feb 22, 2026Updated 2 weeks ago
• cado-security / rip_raw

  View on GitHub
  Rip Raw is a small tool to analyse the memory of compromised Linux systems.
  ☆134Jan 31, 2022Updated 4 years ago
• dlcowen / sansfor509

  View on GitHub
  Public script from SANS FOR509 Enterprise Cloud Incident Response
  ☆222Oct 26, 2025Updated 4 months ago
• zmallen / cloudtrail2sightings

  View on GitHub
  Convert cloudtrail data to MITRE ATT&CK Sightings
  ☆82Jul 25, 2022Updated 3 years ago
• awslabs / assisted-log-enabler-for-aws

  View on GitHub
  Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.
  ☆273Updated this week
• cyb3rfox / Aurora-Incident-Response

  View on GitHub
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆1,061Oct 5, 2023Updated 2 years ago
• ramimac / aws-customer-security-incidents

  View on GitHub
  A repository of breaches of AWS customers
  ☆795Jan 24, 2026Updated last month
• ThreatResponse / aws_ir

  View on GitHub
  Python installable command line utiltity for mitigation of host and key compromises.
  ☆347Jul 23, 2021Updated 4 years ago
• darkquasar / AzureHunter

  View on GitHub
  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
  ☆790Oct 29, 2022Updated 3 years ago
• awslabs / aws-security-analytics-bootstrap

  View on GitHub
  AWS Security Analytics Bootstrap enables customers to perform security investigations on AWS service logs by providing an Amazon Athena a…
  ☆272Mar 2, 2026Updated last week
• invictus-ir / ALFA

  View on GitHub
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆173Mar 2, 2026Updated last week
• awslabs / aws-security-assessment-solution

  View on GitHub
  An AWS tool to help you create a point in time assessment of your AWS account using Prowler.
  ☆592Nov 12, 2025Updated 3 months ago
• jatrost / awesome-detection-rules

  View on GitHub
  This is a collection of threat detection rules / rules engines that I have come across.
  ☆296May 5, 2024Updated last year
• aws-samples / aws-security-reference-architecture-examples

  View on GitHub
  Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (incl…
  ☆1,121Dec 12, 2025Updated 2 months ago
• jamf / aftermath

  View on GitHub
  Aftermath is a free macOS IR framework
  ☆569Sep 25, 2025Updated 5 months ago
• aws-solutions / automated-security-response-on-aws

  View on GitHub
  Automated Security Response on AWS is an add-on solution that works with AWS Security Hub to provide a ready-to-deploy architecture and a…
  ☆465Mar 3, 2026Updated last week
• RhinoSecurityLabs / cloudgoat

  View on GitHub
  CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
  ☆3,490Feb 12, 2026Updated 3 weeks ago
• cado-security / cloudgrep

  View on GitHub
  cloudgrep is grep for cloud storage
  ☆326Feb 26, 2025Updated last year
• bluecapesecurity / PWF

  View on GitHub
  Practical Windows Forensics Training
  ☆749Feb 16, 2026Updated 3 weeks ago
• 0x4D31 / detection-and-response-pipeline

  View on GitHub
  ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The …
  ☆289Feb 5, 2024Updated 2 years ago
• sbasu7241 / AWS-Threat-Simulation-and-Detection

  View on GitHub
  Playing around with Stratus Red Team (Cloud Attack simulation tool) and SumoLogic
  ☆308Jan 6, 2023Updated 3 years ago
• cado-security / varc

  View on GitHub
  Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…
  ☆254Nov 18, 2024Updated last year
• marcurdy / dfir-toolset

  View on GitHub
  Dump of organized knowledge on DFIR
  ☆138Oct 4, 2021Updated 4 years ago
• awslabs / aws-security-automation

  View on GitHub
  Collection of scripts and resources for DevSecOps and Automated Incident Response Security
  ☆635Jan 14, 2026Updated last month
• WillOram / AzureAD-incident-response

  View on GitHub
  Notes on responding to security breaches relating to Azure AD
  ☆121Mar 14, 2022Updated 3 years ago
• BishopFox / cloudfox

  View on GitHub
  Automating situational awareness for cloud penetration tests.
  ☆2,303Updated this week
• mandiant / Azure_Workshop

  View on GitHub
  ☆614Jun 1, 2023Updated 2 years ago
• Algbra-Labs-OSS / Chronicle

  View on GitHub
  ☆65May 21, 2024Updated last year