Alternatives and similar repositories for SANS-DFIR-2017

Users that are interested in SANS-DFIR-2017 are comparing it to the libraries listed below

• 411Hall / obscurer
  Cowrie Honeypot Obscurer
  ☆17Updated 4 years ago
• shaanen / osint-combiner
  Combining OSINT sources in Elastic Stack
  ☆80Updated 4 years ago
• pwnlandia / hpfeeds-logger
  Small App for reading from MHN's hpfeeds broker and writing splunk logs
  ☆10Updated 5 years ago
• brianwarehime / otx_transforms
  Transforms for the AlienVault OTX service
  ☆39Updated 8 years ago
• MISP / mail_to_misp
  Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
  ☆69Updated last year
• gcrahay / otx_misp
  Imports Alienvault OTX pulses to a MISP instance
  ☆52Updated 3 years ago
• triw0lf / urlscan_scripts
  A bunch of scripts I use to work with urlscan.io
  ☆34Updated 5 years ago
• certtools / intelmq-feeds-documentation
  Cyber Threat Intelligence Feeds
  ☆67Updated last year
• notx11 / urlScan2Hive
  Triage automation for suspect URLs
  ☆13Updated 5 years ago
• josehelps / blackcert
  Blackcert monitors Certificate Transparency Logs for a keyword. Blackcert collects any certificate changes for this keyword and also chec…
  ☆9Updated 2 years ago
• daveherrald / scansio-sonar-splunk
  Python scripts to download, parse, and enrich scans.io study data and load into Splunk for research, threat intelligence gathering, and s…
  ☆19Updated 3 months ago
• cmatthewbrooks / pyiocutils
  A collection of Python utilities for use in scripts related to working with "indicators of compromise" (IOCs).
  ☆17Updated 6 years ago
• securitydistractions / elastimispstash
  ☆29Updated 4 years ago
• Concinnity-Risks / LogisticalBudget
  This project contains code for comparing or ranking APT capabilities and operational capacity. The metrics are meant to quantify, rank, o…
  ☆35Updated 6 years ago
• hardwaterhacker / CrazyParser
  Parse URLCrazy and dnstwist output and compare against previous runs to identify new typosquatted domains.
  ☆51Updated 9 years ago
• Kathayra / threathuntingmaturitymodel
  Build your own threat hunting maturity model
  ☆11Updated 7 years ago
• MattCarothers / uhp
  Universal Honey Pot
  ☆29Updated 2 years ago
• csirtgadgets / verbose-robot
  The Fastest way to consume Threat Intel
  ☆25Updated 3 years ago
• CIRCL / PyPDNS
  Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format.
  ☆81Updated 2 months ago
• treyka / threaty_threatego
  Maltego entity pack encompassing the entire STIX 1.2 data model and a targeted subset of the CybOX 2.1 data model
  ☆10Updated 9 years ago
• jalewis / actortrackr
  Home to the ActorTrackr source code
  ☆29Updated 7 years ago
• maltiverse / python-maltiverse
  API wrapper for Maltiverse
  ☆18Updated 8 months ago
• joesecurity / Joe-Sandbox-Bro
  JoeSandbox-Bro is a simple bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox
  ☆45Updated 6 years ago
• ioc-fang / ioc-fanger
  Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
  ☆62Updated last year
• paralax / BurningDogs
  Honeypot log processor to create OTX Pulse entries
  ☆28Updated last year
• wolfpack1 / intel_collection_tools
  ☆22Updated 7 years ago
• Neo23x0 / atomic-threat-coverage
  Knowledge base of analytics designed to cover threats based on MITRE's ATT&CK.
  ☆22Updated 6 years ago
• dougiep16 / actortrackr
  Home to the ActorTrackr source code
  ☆24Updated 7 years ago
• jpyorre / IntelligentHoneyNet
  The Intelligent Honey Net Project attempts to create actionable information from honeypots
  ☆62Updated 9 years ago
• pwnlandia / mnemosyne
  Normalizer for honeypot data.
  ☆11Updated last year