Information Security Architecture
Identify
What to check?
Logs
Mails
Files
Other files
Executables
Office Files
Network Indicators
Asset Discovery
Nozomi Networks
...
Which indicators exist
IP
Domain
Host
Hash
MD5
SHA1
SHA256
SHA512
Mail address
URL
PATH
Behavior
Cryptocurrency Wallets
Bitcoin Addresses
Certificates
X.509
CMDB - Configuration Management Database
ServiceNow CMDB
Protect
Technologies
Postfix
Traefik
Processes
Playbooks
Subtopic
Additional Supporting Tools
Banditore retrieves new releases from your starred GitHub repositories and generates an Atom feed with them.
Manipulate and extract env files in JSON format.
GoAccess
Breach Information
Have I Been Pwned
What is AbuseIO?
It is a toolkit anyone can use to receive, process and correlate abuse reports, and to send notifications with specific information regarding the abuse case(s) on your network. AbuseIO's purpose is to consolidate efforts by various companies and individuals to automate and improve the abuse handling process.
sed regex verifier
Test
Choose the best MSSP
Recover
Respond
Workflow
n8n
Shuffle
Cortex XSOAR (Palo Alto)
Splunk Phantom
Endpoint Incident Response Tools
Agentless
Thor, Thor Lite | Nextron
Agent required
GRR
Case Management
TheHive
Reading and processing of email folders for TheHive, with auto-updating case histories
EmailScanner is an integration application in Python that uses `exchangelib` to process mail items in Microsoft Exchange.
FIR - Fast Incident Response
Detect
SIEM - Central Security Log System
Splunk
TA - Technical Addon | Ingest Data
App / SA - Security App | Dashboards, Searches, ...
ExaBeam
Elasticsearch
Security Onion 2
Graylog
HELK
Logz.io
30d retention for $2.25 per GB; starts at 2GB
Subtopic
LogRhythm
Sematext
Free: 500MB, 7d retention
Starts at $60 monthly
Loggly
Datadog
$0.30 per GB
Sumo Logic
Free: 500MB
$200 and above monthly
Endpoint Detection and Response (EDR)
Defender ATP for Endpoint
Wazuh
Carbon Black
Subtopic
Intrusion Detection System
Network
BRO
Zeek
Suricata
Network Security Monitoring on Raspberry Pi type devices
Host
Falco
Subtopic
Enrichment
Extractor
GOSINT - Open Source Threat Intelligence Gathering and Processing Framework
Aggregator
FAME - FAME Automates Malware Evaluation
Meet the open-source malware analysis framework and its user-friendly web interface. Made by and for incident responders.
IoC Feeds
Paid Account required
Free Account required
Twitter Account
VirusTotal
Google – Safe Browsing
Google Account
Twitter Account
Accountless
Websites with IoCs (hashes, URLs, IPs, domains)
Cisco – Talos Intelligence
SANS Internet Storm Center
VirusShare
Samples
Hash
MISP Integration
DNSBL (DNS Blacklists)
IoC Storage
MineMeld
OpenCTI
[Looks Unmaintained] hippocampe
[Looks unmaintained] YETI
MISP
Log enrichment
Endpoint
Sysmon
Network
ELK for MikroTik NetFlow
Malware Analysis