Alternatives and similar repositories for artifacts

Users that are interested in artifacts are comparing it to the libraries listed below

• strozfriedberg / greppin-logs
  2021 SANS DFIR Summit: Greppin' Logs
  ☆20Updated 3 years ago
• log2timeline / dftimewolf
  A framework for orchestrating forensic collection, processing and data export
  ☆325Updated this week
• bk-cs / rtr
  Real-time Response scripts and schema
  ☆115Updated last year
• EricZimmerman / Get-ZimmermanTools
  Get all my software
  ☆165Updated last month
• dlcowen / sansfor509
  Public script from SANS FOR509 Enterprise Cloud Incident Response
  ☆204Updated 10 months ago
• syloktools / MISP-QRADAR-REFERENCE-SET-BUILDER
  Pulls IOCs from MISP and adds the to reference sets in QRadar
  ☆34Updated 2 years ago
• MalwareArchaeology / ARTHIR
  ATT&CK Remote Threat Hunting Incident Response
  ☆201Updated 7 months ago
• mark-hallman / plaso_filters
  Scripts to facilitate filtering with Plaso
  ☆126Updated 5 years ago
• redcanaryco / surveyor
  A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
  ☆219Updated 3 months ago
• carbonblack / cbfeeds
  Carbon Black Feeds
  ☆73Updated 2 years ago
• mbevilacqua / appcompatprocessor
  "Evolving AppCompat/AmCache data analysis beyond grep"
  ☆205Updated 3 years ago
• ReconInfoSec / velociraptor-to-timesketch
  ☆8Updated 8 months ago
• splunk / contentctl
  Splunk Content Control Tool
  ☆114Updated this week
• k-bailey / detection-engineering-maturity-matrix
  ☆95Updated 2 years ago
• EricZimmerman / KapeDocs
  Documentation repository
  ☆45Updated 10 months ago
• blueteam0ps / AllthingsTimesketch
  This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
  ☆110Updated last year
• inodee / threathunting-spl
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆285Updated last year
• marcurdy / dfir-toolset
  Dump of organized knowledge on DFIR
  ☆135Updated 3 years ago
• EricZimmerman / SQLECmd
  ☆52Updated last week
• megan201296 / gsuite-dfir
  ☆42Updated 4 years ago
• joshzelonis / attack-eval-scoring
  This was code for analyzing round 1 of the MITRE Enterprise ATT&CK Evaluation. Please check out https://github.com/joshzelonis/Enterprise…
  ☆95Updated 5 years ago
• AndrewRathbun / KAPE-EZToolsAncillaryUpdater
  A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…
  ☆57Updated 3 weeks ago
• ds4n6 / ds4n6_scripts
  Library of python scripts to apply Data Science in several forensics artifacts
  ☆31Updated 5 years ago
• dfirtips / evids.dfir.tips
  ☆11Updated 4 years ago
• OTRF / OSSEM-DM
  OSSEM Detection Model
  ☆176Updated 2 years ago
• MarkBaggett / freq
  This is a repository for freq.py and freq_server.py
  ☆208Updated 5 years ago
• ds4n6 / ds4n6_lib
  Library of functions to apply Data Science in several forensics artifacts
  ☆39Updated 11 months ago
• pe3zx / crowdstrike-falcon-queries
  A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon
  ☆207Updated 5 years ago
• brimorlabs / rdpieces
  The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images
  ☆82Updated last year
• dod-cyber-crime-center / DC3-MWCP
  DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …
  ☆326Updated 5 months ago