Incident response tools, and resources when alarms pop off.
- LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log.
- DFIRTrack - The Incident Response Tracking Application.
- FIR - Fast Incident Response allows for easy creation, tracking, and reporting of cybersecurity incidents.
- The Hive - A Scalable, Open Source and Free Security Incident Response Platform.
- Wazuh - Capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.
- Cortex - Powerful Observable Analysis and Active Response Engine.
- Log-MD -Tool to assist Information Security and IT Professionals discover the artifacts needed to understand if a Windows system has a malware infection.
- Response - Real-time incident response and reporting tool.
- Velociraptor - A tool for collecting host based state information using Velocidex Query Language (VQL) queries.