tclahr / uac
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
☆790 · Updated last week
Related projects
Alternatives and complementary repositories for uac
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆765Updated last year
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆678Updated last week
- Collection of Event ID resources useful for Digital Forensics and Incident Response☆584Updated 4 months ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifa…☆554Updated this week
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.☆520Updated 2 months ago
- This repository serves as a place for community created Targets and Modules for use with KAPE.☆654Updated this week
- A knowledge base of actionable Incident Response techniques☆612Updated 2 years ago
- ReversingLabs YARA Rules☆760Updated last month
- SIEM Tactics, Techniques, and Procedures☆584Updated 2 weeks ago
- CyLR - Live Response Collection Tool☆641Updated 2 years ago
- ☆505Updated last month
- Sophos-originated indicators-of-compromise from published reports☆544Updated this week
- Digital Forensics artifact repository☆1,061Updated 2 months ago
- Documentation and scripts to properly enable Windows event logs.☆553Updated last year
- A repository of DFIR-related Mind Maps geared towards the visual learners!☆515Updated 2 years ago
- Hunting queries and detections☆725Updated last month
- Repository of YARA rules made by Trellix ATR Team☆569Updated 10 months ago
- Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts…☆921Updated last month
- A set of Zeek scripts to detect ATT&CK techniques.☆563Updated 4 months ago
- RegRipper3.0☆554Updated last week
- DFIRTrack - The Incident Response Tracking Application☆482Updated 2 months ago
- This project aims to compare and evaluate the telemetry of various EDR products.☆1,678Updated this week
- Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red…☆844Updated last week
- Awesome list of keywords and artifacts for Threat Hunting sessions☆464Updated this week
- Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactics and techniques☆306Updated 5 months ago
- Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)☆395Updated this week
- Cyber Incident Response Team Playbook Battle Cards☆360Updated 5 months ago
- Sysmon configuration file template with default high-quality event tracing☆454Updated 9 months ago
- Actionable analytics designed to combat threats☆972Updated 2 years ago