even with the awesome list all over GitHub, I kept losing tracks of cool tools, scripts, cheat sheet so here are some of them:
- 05.10.2022 initial
- 18.10.2022 add 365defender resources link
- 26.10.2023 add Linux IR cheat sheet link
- 10.11.2023 add ideas for writing about infosec/dfir link
event log parser
chainsaw Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules.
DeepBlueCLI a PowerShell Module for Threat Hunting via Windows Event Logs
logparser studio event viewer and other logs parsing with SQL Language interface
endpoint
velociraptor Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries.
osquery osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework.
loki Loki - Simple IOC and YARA Scanner
KAPE Kroll Artifact Parser And Extractor, lets forensic teams collect and process forensically useful artifacts within minutes.
all in one analysis
autposy/ TSK Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools
knowledge base, tutorial, cheat sheet, etc
event ids github event id awesome list
mitre to evtx MITRE mapping to event id
lenny zeltser incident survey Security incident survey cheat sheet for server administrators