Incident Response

Incident response tools, and resources when alarms pop off.


Active Directory

Tool Description Directory
LogonTracer Investigate malicious Windows logon by visualizing and analyzing Windows event log. last-commit opensource

Management Platform

Tool Description Directory
Cyphon Platform that receives, processes, and triages events to create a more efficient analytic workflow. last-commit archive opensource
DFIRTrack The Incident Response Tracking Application. last-commit opensource
FIR Fast Incident Response allows for easy creation, tracking, and reporting of cybersecurity incidents. last-commit opensource
The Hive A Scalable, Open Source and Free Security Incident Response Platform. last-commit opensource
Wazuh Capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. last-commit opensource


Tool Description Directory
Cortex Powerful Observable Analysis and Active Response Engine. last-commit opensource
Response Real-time incident response and reporting tool. last-commit opensource
Velociraptor A tool for collecting host based state information using Velocidex Query Language (VQL) queries. last-commit opensource