log2timeline / dftimewolfLinks
A framework for orchestrating forensic collection, processing and data export
☆323Updated this week
Alternatives and similar repositories for dftimewolf
Users that are interested in dftimewolf are comparing it to the libraries listed below
Sorting:
- DFIRTrack - The Incident Response Tracking Application☆519Updated 9 months ago
- User guide of MISP☆270Updated 5 months ago
- 🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system☆288Updated last month
- MISP trainings, threat intel and information sharing training materials with source code☆411Updated 3 weeks ago
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆499Updated 2 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…☆338Updated 2 years ago
- Sigma rules from Joe Security☆216Updated 7 months ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆376Updated 3 years ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆218Updated 2 months ago
- Documentation of Cortex☆174Updated last year
- ☆173Updated 11 months ago
- Collecting & Hunting for IOCs with gusto and style☆240Updated 3 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆284Updated last year
- ATT&CK Remote Threat Hunting Incident Response☆200Updated 6 months ago
- Dump of organized knowledge on DFIR☆134Updated 3 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆151Updated 3 months ago
- A curated list of awesome things related to TheHive & Cortex☆180Updated 3 years ago
- A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.☆246Updated 3 years ago
- A (nearly) production ready Dockered MISP☆232Updated last year
- AutoMacTC: Automated Mac Forensic Triage Collector☆541Updated 3 years ago
- Modules for expansion services, enrichment, import and export in MISP and other tools.☆354Updated 2 weeks ago
- CyLR - Live Response Collection Tool☆682Updated 3 years ago
- Documentation of TheHive☆398Updated last year
- Repository of YARA rules made by Trellix ATR Team☆600Updated 3 months ago
- MISP Docker (XME edition)☆282Updated last year
- ☆303Updated 4 years ago
- Cortex Analyzers Repository☆461Updated last week
- DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …☆323Updated 4 months ago
- Security Monitoring Resolution Categories☆138Updated 3 years ago
- Threat Feed Aggregation, Made Easy☆168Updated 4 years ago