even with the awesome list all over github, I kept losing tracks of cool tools, scripts, cheatsheet so here are some of them:
update 05.10.2022 update 18.10.2022 add 365defender resources
event log parser
chainsaw Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules.
DeepBlueCLI a PowerShell Module for Threat Hunting via Windows Event Logs
logparser studio event viewer and other logs parsing with SQL Language interface
velociraptor Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries.
osquery osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework.
loki Loki - Simple IOC and YARA Scanner
KAPE Kroll Artifact Parser And Extractor, lets forensic teams collect and process forensically useful artifacts within minutes.
all in one analysis
autposy/ TSK Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools
knowledge base, tutorial, cheatsheet, etc
event ids github event id awesome list
mitre to evtx MITRE mapping to event id
lenny zeltser log cheatsheet IR critical log review cheatsheet
lenny zeltser incident survey Security incident survey cheat sheet for server administrators
sentinel hunting query sentinel hunting query
365 defender 365 defender resources