Penetration testing commands for Incident Response
Incident response is the structured approach to addressing and managing security breaches or attacks. This category encompasses planning, detection, containment, eradication, and recovery processes.
| Name | Description | Price |
|---|---|---|
| DFIR ORC | Forensic artefact collection tool for systems running Microsoft Windows | Free |
| DFIRTrack | Incident response tracking web application, focused on handling one major incident with a large number of affected systems | Free |
| Fenrir | Simple bash IOC scanner | Free |
| IntelMQ | Solution for collecting and processing security feeds using a message queuing protocol | Free |
| IRIS | Collaborative platform that helps incident responders share technical details during investigations | Free |
| Loki | IOC and YARA scanner | Free |
| Munin | Online hash checker for VirusTotal and other services | Free |
| Osquery | Uses SQL queries to monitor and analyse operating systems, providing endpoint visibility for security | Free |
| SCOT | Sandia Cyber Omni Tracker; cyber security incident response management system and knowledge base | Free |
| Sigma | Generic, vendor-neutral signature format for SIEM detection rules | Free |
| ThreatHound | Windows event log file viewer and analyser | Free |
| uncoder.io | Translates Sigma rules into various SIEM, EDR and XDR query formats | Free |
| YARA | Pattern-matching tool that helps malware researchers identify and classify malware samples | Free |
| Yara Toolkit | YARA rules editor, generator and scanner | Free |
| yarAnalyzer | Creates statistics on a YARA rule set and files in a sample directory | Free |
| yarGen | YARA rules generator | Free |
| YAYA | Yet Another Yara Automaton; automatically curates open source YARA rules and runs scans | Free |
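Several entries above (Fenrir, Loki) are "IOC scanners". To show what such a scanner actually does during triage, here is an added example, not code from Fenrir, Loki or any other project in the table. It walks a directory and checks every file's hash against a set of known-bad digests, its path against filename regexes, and its contents against byte strings, the three IOC types these scanners typically consume. The IOC list format (`type;value;note`) and every IOC value and sample file are constructed for this example, not taken from any real threat report.

```python
"""Minimal file-system IOC scanner in the spirit of Fenrir/Loki (added example)."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass


@dataclass
class Hit:
    path: str
    ioc_type: str   # "hash", "filename" or "string"
    value: str      # the IOC that matched
    note: str       # analyst comment carried over from the IOC list


def parse_ioc_list(text):
    """Parse constructed 'type;value;note' lines; '#' starts a comment, blank lines are skipped."""
    hashes, filenames, strings = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(";", 2)
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected type;value;note")
        kind, value, note = (p.strip() for p in parts)
        if kind == "hash":
            hashes[value.lower()] = note          # md5, sha1 or sha256 hex digest
        elif kind == "filename":
            filenames.append((re.compile(value), note))
        elif kind == "string":
            strings.append((value.encode(), note))
        else:
            raise ValueError(f"line {lineno}: unknown IOC type {kind!r}")
    return hashes, filenames, strings


def file_digests(path, chunk=1 << 20):
    """MD5, SHA1 and SHA256 of a file, read in chunks so large files are not loaded whole."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def scan(root, ioc_text, max_string_scan=20 * 1024 * 1024):
    """Walk `root` and return a list of Hit objects; unreadable files are skipped, not fatal."""
    hashes, filenames, strings = parse_ioc_list(ioc_text)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            norm = path.replace("\\", "/")      # one separator so patterns are portable
            for pattern, note in filenames:
                if pattern.search(norm):
                    hits.append(Hit(path, "filename", pattern.pattern, note))
            try:
                for digest in file_digests(path):
                    if digest in hashes:
                        hits.append(Hit(path, "hash", digest, hashes[digest]))
                        break
                # Content matching is capped by size, as real scanners do, to bound triage time.
                if strings and os.path.getsize(path) <= max_string_scan:
                    with open(path, "rb") as fh:
                        data = fh.read()
                    for needle, note in strings:
                        if needle in data:
                            hits.append(Hit(path, "string", needle.decode(errors="replace"), note))
            except OSError:
                continue
    return hits


def demo():
    """Build a constructed tree (one benign, two suspicious files) and return sorted (type, path) hits."""
    dropper = b"MZ\x90\x00 constructed dropper body, not real malware\n"
    ioc_text = (
        "# constructed IOC list for this example\n"
        f"hash;{hashlib.sha256(dropper).hexdigest()};constructed dropper sha256\n"
        r"filename;(?i)/temp/svchost\.exe$;svchost.exe outside System32" + "\n"
        "string;cmd.exe /c powershell -enc;encoded PowerShell launcher\n"
    )
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "temp"))
        with open(os.path.join(root, "temp", "svchost.exe"), "wb") as fh:
            fh.write(dropper)
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("meeting at 10\n")
        with open(os.path.join(root, "run.bat"), "w") as fh:
            fh.write("cmd.exe /c powershell -enc SQBFAFgA\n")
        return sorted((h.ioc_type, os.path.relpath(h.path, root).replace("\\", "/"))
                      for h in scan(root, ioc_text))


if __name__ == "__main__":
    for ioc_type, path in demo():
        print(f"{ioc_type:8} {path}")
```

In `demo()` the dropped `temp/svchost.exe` is flagged twice (by path and by hash) and `run.bat` once (by string), while `notes.txt` is clean. Real scanners add YARA rules and process/registry checks on top of this, but the file-walk, hash lookup and regex/string matching are the core; in practice the hash IOCs would come from a threat-intelligence feed rather than being computed in the script.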