An open-source incident management tool supporting multi-channel alerting, customizable messages, and on-call integrations.
Collaborative forensic timeline analysis.
Timesketch is an open-source tool for collaborative forensic timeline analysis. Using sketches you and your collaborators can easily organize your timelines and analyze them all at the same time. Add meaning to your raw data with rich annotations, comments, tags and stars.
A scalable, open-source and free Security Incident Response Platform.
TheHive is a scalable 3-in-1 open-source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundreds of observables.
Source: Do you know what an OpenVOC is? @ Florian Dudaev's LinkedIn.
Support for victims of cyber-malicious acts.
The cyber crisis management experts of Comcyber-MI, supported by reservists of the Gendarmerie nationale, have partnered with Cybermalveillance.gouv.fr to help small and medium-sized businesses, associations and local authorities cope with cyberattacks.
This MOOC includes tools and simple-to-implement advice for setting up or improving the cyber crisis management process within your organization.
Open-Source Collaborative Incident Response Platform.
Created by incident responders for incident responders.
Iris is a collaborative web platform that helps incident responders share technical details during investigations.
Incident Management for Everyone. Crisis management orchestration framework.
Stop trying to avoid phishing. Choose a weapon and fight it...
PhishTool gives human analysts the power to reverse engineer phishing emails, to better defend against them. PhishTool is to phishing emails as a disassembler is to malware or a forensic toolkit is to file systems.
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
ForensicMiner, a PowerShell-based DFIR automation tool, revolutionizes the field of digital investigations. Designed for efficiency, it automates artifact and evidence collection from Windows machines. Compatibility with CrowdStrike Falcon RTR and Palo Alto Cortex XDR Live Terminal, along with its swift performance and user-friendly interface, makes ForensicMiner an indispensable asset for investigators navigating the complexities of forensic analysis. Streamlined and effective, this tool sets a new standard in the realm of digital forensics.
Lambda function that streamlines containment of an AWS account compromise.
AWS Kill Switch is a Lambda function (and proof of concept client) that an organization can implement in a dedicated "Security" account to give their security engineers the ability to delete IAM roles or apply a highly restrictive service control policy (SCP) on any account in their organization.
All-in-One malware analysis tool.
All-in-One malware analysis tool for analyzing many file types, from Windows binaries to e-mail files.
FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents - reactive as well as proactive.
FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.
Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints.
Velociraptor is a tool for collecting host-based state information using Velociraptor Query Language (VQL) queries.
Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments. Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT).