# Incident Response

Incident response tools and resources for when the alarms go off.

# Active Directory

  • LogonTracer - Investigate malicious Windows logons by visualizing and analyzing Windows event logs.

# Management Platform

  • DFIRTrack - The Incident Response Tracking Application.
  • FIR - Fast Incident Response allows for easy creation, tracking, and reporting of cybersecurity incidents.
  • The Hive - A scalable, open source and free Security Incident Response Platform.
  • Wazuh - Capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.

# Reporting

  • Cortex - Powerful observable analysis and active response engine.
  • Log-MD - Tool to assist information security and IT professionals in discovering the artifacts needed to determine whether a Windows system has a malware infection.
  • Response - Real-time incident response and reporting tool.
  • Velociraptor - A tool for collecting host-based state information using Velocidex Query Language (VQL) queries.