mirror of
https://github.com/fabacab/awesome-cybersecurity-blueteam.git
synced 2024-12-28 16:59:27 -05:00
Add RITA, Volatility, LogonTracer.
This commit is contained in:
parent
2c2ac2ab5f
commit
06075b057c
@ -140,6 +140,8 @@ See also [awesome-honeypots](https://github.com/paralax/awesome-honeypots).
|
||||
|
||||
See also [awesome-incident-response](https://github.com/meirwah/awesome-incident-response).
|
||||
|
||||
- [LogonTracer](https://github.com/JPCERTCC/LogonTracer) - Investigate malicious Windows logon by visualizing and analyzing Windows event log.
|
||||
- [Volatility](https://www.volatilityfoundation.org/) - Advanced memory forensics framework.
|
||||
- [aws_ir](https://github.com/ThreatResponse/aws_ir) - Automates your incident response with zero security preparedness assumptions.
|
||||
|
||||
### IR management consoles
|
||||
@ -214,6 +216,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
|
||||
- [Moloch](https://github.com/aol/moloch) - Augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access.
|
||||
- [OwlH](https://www.owlh.net/) - Helps manage network IDS at scale by visualizing Suricata, Zeek, and Moloch life cycles.
|
||||
- [Respounder](https://github.com/codeexpress/respounder) - Detects the presence of the Responder LLMNR/NBT-NS/MDNS poisoner on a network.
|
||||
- [Real Intelligence Threat Analysis (RITA)](https://github.com/activecm/rita) - Open source framework for network traffic analysis that ingests Zeek logs and detects beaconing, DNS tunneling, and more.
|
||||
- [Snort](https://snort.org/) - Widely-deployed, Free Software IPS capable of real-time packet analysis, traffic logging, and custom rule-based triggers.
|
||||
- [SpoofSpotter](https://github.com/NetSPI/SpoofSpotter) - Catch spoofed NetBIOS Name Service (NBNS) responses and alert to an email or log file.
|
||||
- [Stenographer](https://github.com/google/stenographer) - Full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes.
|
||||
|
Loading…
Reference in New Issue
Block a user