A collection of sources of documentation, as well as field best practices, to build/run a SOC
-
Updated
Dec 3, 2024
A collection of sources of documentation, as well as field best practices, to build/run a SOC
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
Distributed malware processing framework based on Python, Redis and S3.
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
DomainClassifier is a Python (2/3) library to extract and classify Internet domains/hostnames/IP addresses from raw unstructured text files following their DNS existence, localization or attributes.
BGP ranking is a free software to calculate the security ranking of Internet Service Provider (ASN)
VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform.
Incident Response Network Tools
Detecting Cobalt Strike Team Servers on targets through traffic telemetry.
CSV processing and web related data types mutual conversion
Tools used by CSIRT and especially in the scope of CNW
CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools
Ransomware for demonstration
IntelMQ command line tool to process events and send out email notifications.
Automation SIG
Static configuration extractor for the Karton framework
Add a description, image, and links to the csirt topic page so that developers can more easily learn about it.
To associate your repository with the csirt topic, visit your repo's landing page and select "manage topics."