Tools
Forensics & Incident Response tools (11 tools)
Honeypot framework designed to provide a highly secure environment for detecting and analyzing cyber attacks.
Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation.
UNIX-like reverse engineering framework and command-line toolset
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs.
Collect a dossier on a person by username from 3000+ sites
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
A cloud native data pipeline and transformation toolkit for security teams.
High-speed log analysis and forensics tool with multi-format parsing, pattern matching, timeline reconstruction and anomaly detection for incident response.
Collaborative forensic timeline analysis
UNIX-like reverse engineering framework and command-line toolset.