even with the awesome list all over GitHub, I kept losing tracks of cool tools, scripts, cheat sheet so here are some of them:

  • 05.10.2022 initial
  • 18.10.2022 add 365defender resources link
  • 26.10.2023 add Linux IR cheat sheet link
  • 10.11.2023 add ideas for writing about infosec/dfir link

event log parser

chainsaw Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules.

DeepBlueCLI a PowerShell Module for Threat Hunting via Windows Event Logs

logparser studio event viewer and other logs parsing with SQL Language interface


velociraptor Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries.

osquery osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework.

loki Loki - Simple IOC and YARA Scanner

KAPE Kroll Artifact Parser And Extractor, lets forensic teams collect and process forensically useful artifacts within minutes.

all in one analysis

autposy/ TSK Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools

knowledge base, tutorial, cheat sheet, etc

event ids github event id awesome list

mitre to evtx MITRE mapping to event id

lenny zeltser log cheatsheet

lenny zeltser incident survey Security incident survey cheat sheet for server administrators

sentinel hunting query

365 defender resources

linux IR cheatsheet

ideas for writing about infosec/dfir