KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules. (Python, updated May 23, 2024)
Digital Forensics Incident Response and Detection engineering: forensic analysis of common and not-so-common artifacts. Anti-forensic techniques and detection of the techniques used by malicious actors to evade protection and monitoring systems.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Windows network host hunting at scale!
IntelOwl: manage your Threat Intelligence at scale
GPT-4o based chat model for advanced cyber operations, digital investigations and OSINT.
A cross platform forensic parser written in Rust!
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Cryptocurrency Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
Helm charts for running open source digital forensic tools in Kubernetes
Archive of presentations shared with the DFIR community.
Harness the power of Splunk for your investigations
Your Everyday Threat Intelligence
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
Automation and Scaling of Digital Forensics Tools