Penetration testing commands for Incident Response
Incident response is the structured approach to addressing and managing security breaches or attacks. This category encompasses planning, detection, containment, eradication, and recovery processes.
| Name | Description | Price |
|---|---|---|
| DFIR ORC | Forensics artefact collection tool for systems running Microsoft Windows | Free |
| DFIRTrack | Incident response tracking web application, focused on handling one major incident with a lot of affected systems | Free |
| Fenrir | IOC scanner | Free |
| IntelMQ | Solution for collecting and processing security feeds using a message queuing protocol | Free |
| IRIS | Collaborative platform aiming to help incident responders sharing technical details during investigations | Free |
| Loki | IOC scanner | Free |
| Munin | Online hash checker for Virustotal and other services | Free |
| Osquery | Uses SQL queries to monitor and analyze operating systems, providing endpoint visibility for security | Free |
| SCOT | Sandia Cyber Omni Tracker; cyber security incident response management system and knowledge base | Free |
| Sigma | Generic signature format for SIEM systems | Free |
| ThreatHound | Windows event log file viewer and analyser | Free |
| uncoder.io | Translate sigma rules into various SIEM, EDR, and XDR formats | Free |
| YARA | Pattern matching helping malware researchers to identify and classify malware samples | Free |
| Yara Toolkit | Yara rules editor, generator, scanner | Free |
| yarAnalyzer | Creates statistics on a yara rule set and files in a sample directory | Free |
| yarGen | YARA rules generator | Free |
| YAYA | Yet Another Yara Automaton; automatically curate open source yara rules and run scans | Free |