From a10eee2077a54e769b6c112a296da1991e900eb7 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 22 Mar 2021 00:38:12 +0700 Subject: [PATCH] Add: activecm/espy to DFIR section --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 67439bd..7fdd1cf 100644 --- a/README.md +++ b/README.md @@ -1000,6 +1000,10 @@ This repository is created as an online bookmark for useful links, resources and activecm/BeaKer Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana + + activecm/espy/ + Endpoint detection for remote hosts for consumption by RITA and Elasticsearch + ahmedkhlief/APT-Hunter APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
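Review bot: The added entry name in the README.md hunk is written `activecm/espy/` with a trailing slash, while the neighbouring entries use the plain `owner/repo` form (`activecm/BeaKer`, `ahmedkhlief/APT-Hunter`). Drop the trailing slash so the DFIR list stays consistent, and make sure the link target behind the name matches. The description "Endpoint detection for remote hosts for consumption by RITA and Elasticsearch" stacks two "for" phrases; something like "Endpoint detection on remote hosts, for consumption by RITA and Elasticsearch" would read more clearly. Alphabetical placement between BeaKer and APT-Hunter's owner looks right.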