From b1079e3be9f617165cec18b5bbdb6b3f2cba3c97 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Mon, 14 Dec 2015 10:09:57 +0100 Subject: [PATCH] Envdb added --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2d3a120..bde396c 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,7 @@ A curated list of tools and resources for security incident response, aimed to h * [MIG](http://mig.mozilla.org/) - Mozilla Investigator (MIG) is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security. * [FIDO](https://github.com/Netflix/Fido) - Fully Integrated Defense Operation (FIDO) by Netflix is an orchestration layer used to automate the incident response process by evaluating, assessing and responding to malware. FIDO’s primary purpose is to handle the heavy manual effort needed to evaluate threats coming from today's security stack and the large number of alerts generated by them. * [Redline](https://www.fireeye.com/services/freeware/redline.html) - provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile. +* [Envdb](https://github.com/mephux/envdb) - Envdb turns your production, dev, cloud, etc environments into a database cluster you can search using osquery as the foundation. It wraps the osquery process with a (cluster) node agent that can communicate back to a central location. ### Incident Management * [FIR](https://github.com/certsocietegenerale/FIR/) - Fast Incident Response (FIR) is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents and is useful for CSIRTs, CERTs and SOCs alike.
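Review bot: the added `* [Envdb]` line reads awkwardly, and a README list entry should be tidy since it is the only change here: "production, dev, cloud, etc environments" is missing a comma after "etc" (or rephrase as "production, development and cloud environments"), and "you can search using osquery as the foundation" is clearer as "that you can query, built on osquery". Suggested wording: `* [Envdb](https://github.com/mephux/envdb) - Envdb turns your production, development, cloud, etc. environments into a database cluster you can query, built on osquery. It wraps the osquery process with a (cluster) node agent that reports back to a central location.` Placement next to MIG is sensible, since both are remote-endpoint query platforms rather than incident-management tools.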