Using osquery for Mass Incident Detection & Response
☆19, Jun 25, 2016, updated 9 years ago
Alternatives and similar repositories for responding-at-scale-with-osquery
Users who are interested in responding-at-scale-with-osquery are comparing it to the libraries listed below.
- How can you track the hunting techniques you come up with? (☆13, Sep 3, 2017, updated 8 years ago)
- CLI interface to threatcrowd.org (☆20, Jul 6, 2017, updated 8 years ago)
- Honeybadger Red Edition (☆13, Sep 13, 2017, updated 8 years ago)
- Windows version of honeybits - a PoC tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots! (☆25, Jun 19, 2017, updated 8 years ago)
- Maltego Transform to put entities into MISP events (☆28, Jul 24, 2021, updated 4 years ago)
- Library for Object Linking and Embedding (OLE) data types (☆12, Nov 27, 2025, updated 3 months ago)
- Library and tools to access the Windows Hibernation File (hiberfil.sys) format (☆13, Dec 20, 2025, updated 2 months ago)
- A set of templates for documenting threat intelligence (☆75, Feb 28, 2013, updated 13 years ago)
- ReviveIT (revit) is a proof of concept file recovery tool (carver) (☆13, Dec 3, 2020, updated 5 years ago)
- CRITs IOC Visualization in Maltego (☆28, Jan 8, 2015, updated 11 years ago)
- ssdeep based clustering tool (☆14, Jan 17, 2016, updated 10 years ago)
- Materials for the BSides NoVA/Charleston 2018 Bro Workshop (☆14, Jun 4, 2025, updated 9 months ago)
- Bro stuff. (☆12, May 24, 2016, updated 9 years ago)
- Library and tools to access the Master Boot Record (MBR) volume system format (☆14, Dec 21, 2025, updated 2 months ago)
- Go bindings for YARA (☆18, Mar 10, 2022, updated 3 years ago)
- Parses for Google Analytics values in raw files like RAM, DD images etc. (☆18, Apr 17, 2016, updated 9 years ago)
- Simple CLI utility to save off an image from every webcam hooked into a mac (☆14, May 20, 2021, updated 4 years ago)
- Experimental Bro scripts with good prospects for the official bro-scripts repository. (☆20, Nov 2, 2017, updated 8 years ago)
- Extract information from MISP via the API (☆16, Jul 18, 2016, updated 9 years ago)
- Bro/Zeek integration with osquery (☆93, Nov 2, 2020, updated 5 years ago)
- Library and tools to access the Windows (Vista/7) Explorer thumbnail cache database format (thumbcache.db) (☆17, Dec 3, 2025, updated 3 months ago)
- Push "BAD" IPs/Networks into QRadar's "Remote Networks", tag them properly, and use them! (☆18, Nov 5, 2013, updated 12 years ago)
- Carve $MFT records from a chunk of data (for instance a memory dump) (☆16, Aug 21, 2016, updated 9 years ago)
- Gather domains as a precursor to scanning (☆21, Feb 18, 2026, updated 2 weeks ago)
- Web based analysis platform for use with the AWS_IR command line tool. (☆17, Aug 4, 2016, updated 9 years ago)
- Library for Windows XML Event Log (EVTX) data types (☆18, Dec 17, 2025, updated 2 months ago)
- A Python library for being a CND Batman... (☆35, Oct 29, 2015, updated 10 years ago)
- Basic Maltego Transforms for looking up SSL certs and IP info from censys.io (☆38, Mar 14, 2017, updated 8 years ago)
- Integration with Slack API (☆15, Dec 10, 2023, updated 2 years ago)
- Visual Studio Code extension for writing Terrascan Rego policies (☆23, Sep 7, 2024, updated last year)
- Zeek scripting language highlighting/support for Sublime Text (☆19, Jul 20, 2021, updated 4 years ago)
- A Slack bot to add security info to messages containing URLs, hashes and IPs (☆71, Aug 28, 2024, updated last year)
- The OVAL Language Sandbox (☆44, Jan 25, 2021, updated 5 years ago)
- Digital Forensics Windows Registry (dfWinReg) (☆54, Dec 22, 2025, updated 2 months ago)
- Library and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files (☆17, Dec 19, 2025, updated 2 months ago)
- My personal experience in Threat Hunting and knowledge gained so far. (☆19, May 27, 2017, updated 8 years ago)
- Twintelligence is a free Twitter OSINT tool (☆51, Dec 8, 2020, updated 5 years ago)
- Maltego transforms for all sorts of things (☆21, Aug 31, 2012, updated 13 years ago)