- https://github.com/TheHive-Project/TheHive TheHive: A scalable, open source and free Security Incident Response Platform
- https://github.com/MISP/MISP MISP: Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform)
- https://github.com/CIRCL/AIL-framework AIL framework – Analysis Information Leak framework
- https://github.com/elceef/dnstwist dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
- https://www.opencti.io/en/ OpenCTI: Open Cyber Threat Intelligence platform
- https://ivre.rocks/ IVRE: Network recon framework
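The dnstwist entry above describes a "domain name permutation engine". The following is an added example, not dnstwist's own code, showing what such an engine does: it derives typo-squat, homoglyph and TLD-swap candidates from a brand domain so they can be resolved and monitored. It assumes two-label names like example.com, and its homoglyph and TLD tables are constructed stand-ins for the much larger confusable tables a real engine (dnstwist included) carries.

```python
"""Domain-name permutation generator in the spirit of dnstwist (added example)."""
import string

HOMOGLYPHS = {  # constructed subset; real tables add Cyrillic/Greek confusables and IDNA forms
    "a": ["4"], "e": ["3"], "i": ["l", "1"], "l": ["1", "i"],
    "m": ["rn"], "o": ["0"], "w": ["vv"],
}
TLD_SWAPS = ["net", "org", "co"]  # constructed; a real list is much longer


def fuzz(name):
    """Yield (fuzzer, candidate_label) pairs for the registrable label `name`."""
    n = len(name)
    for i in range(n):                       # omission: exmple
        yield "omission", name[:i] + name[i + 1:]
    for i in range(n):                       # repetition: exaample
        yield "repetition", name[:i] + name[i] + name[i:]
    for i in range(n - 1):                   # transposition: exmaple
        yield "transposition", name[:i] + name[i + 1] + name[i] + name[i + 2:]
    for i, ch in enumerate(name):            # homoglyph: exarnple
        for sub in HOMOGLYPHS.get(ch, []):
            yield "homoglyph", name[:i] + sub + name[i + 1:]
    for ch in string.ascii_lowercase:        # addition: examplea
        yield "addition", name + ch
    for i in range(1, n):                    # subdomain: exa.mple (label split)
        yield "subdomain", name[:i] + "." + name[i:]


def permutations(domain):
    """Map each candidate domain to the sorted list of fuzzers that produce it.

    The same string can come from several fuzzers (addition of 'e' and
    repetition of the final 'e' both give examplee.com), so a caller that
    feeds candidates to a resolver should iterate over the keys, not over
    every (fuzzer, candidate) pair, or it will query the same name twice.
    """
    name, tld = domain.lower().rsplit(".", 1)   # assumption: two-label input
    out = {}
    for fuzzer, label in fuzz(name):
        out.setdefault(f"{label}.{tld}", []).append(fuzzer)
    for alt in TLD_SWAPS:                    # tld-swap: example.net
        if alt != tld:
            out.setdefault(f"{name}.{alt}", []).append("tld-swap")
    out.pop(domain.lower(), None)            # never report the legitimate domain itself
    return {d: sorted(set(f)) for d, f in sorted(out.items())}


if __name__ == "__main__":
    for candidate, fuzzers in permutations("example.com").items():
        print(f"{candidate:20} {', '.join(fuzzers)}")
```

Resolving the candidates (DNS, MX, WHOIS age, page similarity) is the second half of what dnstwist does and is deliberately left out here; the point of the generator is that a brand with a seven-letter label already yields dozens of plausible look-alikes from a handful of cheap transformations.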
SIEM (Security Information and Event Management)
- https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j: Windows Security Log Events Encyclopedia
- https://github.com/defensahacker/windows-evtx-forensics: Perform forensics in Windows Event Log Files
- https://github.com/Neo23x0/sigma: Sigma rules. Generic Signature Format for SIEM Systems
- https://uncoder.io/: Online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers
- https://github.com/fw42/honeymap honeymap: Real-time websocket stream of GPS events on a fancy SVG world map
- https://github.com/pwnlandia/mhn MHN: Modern Honey Network
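Sigma rules (listed above) are a vendor-neutral way to write the detection; sigma-cli/pySigma or uncoder.io then translate them into the query language of a given SIEM. The following is an added example, not code from SigmaHQ, uncoder.io or any SIEM, that shows the matching semantics a rule encodes by evaluating one hypothetical rule directly against in-memory Windows process-creation events. The rule is kept as the Python dict equivalent of its YAML (shown in the comment) so the block runs without PyYAML; it supports only the contains/startswith/endswith modifiers, list values as OR, and conditions built from search names with and/or/not, and leaves logsource filtering to the caller. The rule and the event records are constructed for this example.

```python
"""Evaluate a Sigma-style rule against in-memory Windows events (added example)."""

# Sigma YAML this dict corresponds to (hypothetical rule):
#   title: Local Recon via whoami or net
#   logsource: {product: windows, category: process_creation}
#   detection:
#     selection:
#       Image|endswith: ['\whoami.exe', '\net.exe']
#     filter:
#       User|endswith: '\svc_monitoring'      # hypothetical allow-listed account
#     condition: selection and not filter
RULE = {
    "title": "Local Recon via whoami or net",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {"Image|endswith": ["\\whoami.exe", "\\net.exe"]},
        "filter": {"User|endswith": "\\svc_monitoring"},
        "condition": "selection and not filter",
    },
}

# Constructed 4688 / Sysmon EventID 1 style records, flattened to the field names Sigma uses.
EVENTS = [
    {"RecordId": 1, "Image": r"C:\Windows\System32\whoami.exe", "CommandLine": "whoami /all", "User": r"CORP\jdoe"},
    {"RecordId": 2, "Image": r"C:\Windows\System32\WHOAMI.EXE", "CommandLine": "whoami", "User": r"CORP\svc_monitoring"},
    {"RecordId": 3, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad", "User": r"CORP\jdoe"},
    {"RecordId": 4, "Image": r"C:\Windows\System32\net.exe", "CommandLine": "net user /domain", "User": r"CORP\jdoe"},
]


def field_matches(value, modifier, pattern):
    """Sigma string matching is case-insensitive; a modifier narrows the comparison."""
    if value is None:
        return False
    v, p = str(value).lower(), str(pattern).lower()
    if modifier == "":
        return v == p
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    raise ValueError(f"unsupported modifier: {modifier}")


def search_matches(search, event):
    """A search maps 'Field|modifier' -> pattern(s): fields are ANDed, patterns ORed."""
    for key, patterns in search.items():
        field, _, modifier = key.partition("|")
        if not isinstance(patterns, list):
            patterns = [patterns]
        if not any(field_matches(event.get(field), modifier, p) for p in patterns):
            return False
    return True


def evaluate_condition(condition, detection, event):
    """Recursive-descent evaluator: 'not' binds tightest, then 'and', then 'or'."""
    tokens, pos = condition.split(), 0

    def parse_or():
        nonlocal pos
        value = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            rhs = parse_and()          # evaluated before combining, so pos always advances
            value = value or rhs
        return value

    def parse_and():
        nonlocal pos
        value = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            rhs = parse_not()
            value = value and rhs
        return value

    def parse_not():
        nonlocal pos
        if tokens[pos] == "not":
            pos += 1
            return not parse_not()
        name = tokens[pos]
        pos += 1
        return search_matches(detection[name], event)

    result = parse_or()
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in condition: {tokens[pos:]}")
    return result


def rule_matches(rule, event):
    detection = rule["detection"]
    return evaluate_condition(detection["condition"], detection, event)


def run(rule, events):
    """Return the RecordIds of the events the rule fires on."""
    return [e["RecordId"] for e in events if rule_matches(rule, e)]


if __name__ == "__main__":
    print(RULE["title"], "->", run(RULE, EVENTS))
```

Record 2 shows the two behaviours worth knowing when you tune a rule: the upper-case WHOAMI.EXE still hits the selection because Sigma comparisons are case-insensitive, and the filter then suppresses it because the allow-listed account matched, which is exactly how a "selection and not filter" rule is meant to cut noise without weakening the selection itself.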
Standards and Frameworks
- https://capec.mitre.org MITRE CAPEC: Common Attack Pattern Enumeration and Classification. A catalogue of the attack patterns adversaries use, organised by abstraction level (C = Category, M = Meta, S = Standard). E.g. for a DoS attack: (C) Abuse Existing Functionality – (210) -> (M) Flooding – (125) -> (S) UDP Flood – (486) [CVE-2003-0760]
- https://mitre-attack.github.io/attack-navigator/enterprise/ ATT&CK Navigator
- https://attack.mitre.org/matrices/enterprise/ MITRE ATT&CK Enterprise matrix (Windows, macOS, Linux and the other enterprise platforms)
- https://attack.mitre.org/matrices/enterprise/cloud/ MITRE ATT&CK Enterprise matrix, cloud platforms
- https://attack.mitre.org/matrices/mobile/ MITRE ATT&CK Mobile matrix (Android and iOS)
- https://www.nist.gov/cyberframework NIST CSF 1.1: NIST Cybersecurity Framework 1.1
- https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final NIST 800-61: NIST Computer Security Incident Handling Guide
- https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1 FIRST CSIRT Services Framework 2.1
- https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Cyber Kill Chain: the Lockheed Martin Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for identifying and preventing cyber intrusion activity. The model identifies the steps an adversary must complete in order to achieve their objective.