Collection of tools you need to have in your EDR arsenal.
- TheHive Project - A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
- TheHive - A Scalable, Open Source and Free Security Incident Response Platform
- Cortex - A Powerful Observable Analysis and Active Response Engine
- Hippocampe - Threat Feed Aggregation, Made Easy
- Zeek - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
- Mozilla MIG [Deprecated] - Distributed & real-time digital forensics at the speed of the cloud.
- Osquery - Performant endpoint visibility.
Tools to extend Osquery:
- Airbnb StreamAlert - StreamAlert is a serverless, real-time data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using data sources and alerting logic you define.
- Fleet - A flexible control server for osquery fleets.
- Doorman - An osquery fleet manager.
- Palantir osquery-configuration - A repository for using osquery for incident detection and response.
- Zentral - Zentral is an Event Hub to gather, process, and monitor system events and link them to an inventory.
- Osquery-attck - Mapping the MITRE ATT&CK Matrix with Osquery.
- Osquery Launcher - Osquery launcher, autoupdater, and packager.
- osquery-python - Python bindings for osquery's Thrift API.
- osquery-go - Go bindings for osquery.
- Cuckoo - Cuckoo Sandbox is the leading open source automated malware analysis system (with MISP integration for reporting).
- Google GRR - GRR Rapid Response: remote live forensics for incident response.
- Wazuh - The Open Source Security Platform - Wazuh helps you gain deeper security visibility into your infrastructure by monitoring hosts at the operating system and application level. Wazuh GitHub: lots of resources for the main Wazuh software.
- MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform)
- OpenEDR (by Comodo) - OpenEDR allows you to analyze what's happening across your entire environment at the base-security-event level.
- Bluespawn - An Active Defense and EDR software to empower Blue Teams.
- OSSEC - OSSEC has a powerful correlation and analysis engine, integrating log analysis, file integrity monitoring, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.
- Velociraptor - A tool for collecting host-based state information using Velociraptor Query Language (VQL) queries.
- Fibratus - A modern tool for Windows kernel exploration and tracing with a focus on security.
- WHIDS - EDR with artifact collection driven by detection.
- Elkeid - Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers, Kubernetes (K8s) and serverless.
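Several of the osquery entries above (Fleet/Doorman for scheduling queries, StreamAlert for alerting logic, osquery-attck for ATT&CK mapping) fit together as one pipeline: osqueryd runs a scheduled query, writes each new row to its results log, and a rule engine decides whether a row is an alert. The following is an added example written for this page, not code from StreamAlert, osquery or any other project listed here. It applies two StreamAlert-style rule functions to osquery differential result lines. The result log format (one JSON object per line with `name`, `hostIdentifier`, `action` and `columns`) is osquery's real "event" format; the scheduled query assumed to have produced the rows, the rule names, the ATT&CK tags and the sample log lines are all constructed for this example.

```python
"""Added example: StreamAlert-style rules over osquery differential result lines.

Assumed scheduled query (hypothetical pack entry, not from any listed project):
    SELECT p.pid, p.name, p.path, p.cmdline, pp.name AS parent_name
    FROM processes p JOIN processes pp ON p.parent = pp.pid;
"""
import json

# Tunables for the rules below; constructed for this example.
WEB_SERVERS = {"apache2", "httpd", "nginx", "php-fpm"}
SHELLS = {"sh", "bash", "dash", "zsh"}
SUSPICIOUS_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")


def webshell_rule(rec):
    """A web server process spawning a shell: classic web shell behaviour."""
    cols = rec["columns"]
    return cols.get("parent_name") in WEB_SERVERS and cols.get("name") in SHELLS


def tmp_exec_rule(rec):
    """A process whose binary lives in a world-writable scratch directory."""
    return rec["columns"].get("path", "").startswith(SUSPICIOUS_DIRS)


# (rule name, rule function, illustrative ATT&CK technique tag)
RULES = [
    ("web_server_spawned_shell", webshell_rule, "T1505.003"),
    ("exec_from_scratch_dir", tmp_exec_rule, "T1036"),
]


def evaluate(log_lines):
    """Run every rule over each osquery result line; return the alerts raised.

    Only 'added' rows are evaluated: a 'removed' row means the process has
    already gone away and would otherwise double-fire the same alert.
    """
    alerts = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("action") != "added":
            continue
        for rule_name, rule_fn, technique in RULES:
            if rule_fn(rec):
                alerts.append({
                    "rule": rule_name,
                    "technique": technique,
                    "host": rec.get("hostIdentifier"),
                    "query": rec.get("name"),
                    "pid": rec["columns"].get("pid"),
                    "cmdline": rec["columns"].get("cmdline"),
                })
    return alerts


# Constructed sample of an osquery results log (event format); not real data.
SAMPLE_LOG = """
{"name":"pack_edr_process_tree","hostIdentifier":"web01","action":"added","columns":{"pid":"4120","name":"sh","path":"/bin/sh","cmdline":"sh -c id","parent_name":"php-fpm"}}
{"name":"pack_edr_process_tree","hostIdentifier":"web01","action":"removed","columns":{"pid":"4120","name":"sh","path":"/bin/sh","cmdline":"sh -c id","parent_name":"php-fpm"}}
{"name":"pack_edr_process_tree","hostIdentifier":"build02","action":"added","columns":{"pid":"9901","name":"x","path":"/tmp/.x/x","cmdline":"/tmp/.x/x -o pool:3333","parent_name":"cron"}}
{"name":"pack_edr_process_tree","hostIdentifier":"web01","action":"added","columns":{"pid":"4200","name":"nginx","path":"/usr/sbin/nginx","cmdline":"nginx: worker process","parent_name":"nginx"}}
"""


def demo():
    """Evaluate the constructed sample; used by the stand-alone run below."""
    return evaluate(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in demo():
        print(json.dumps(alert))
```

The `removed` row for pid 4120 is deliberately present: osquery emits one `added` and later one `removed` event for the same process, so a rule engine that does not filter on `action` raises every alert twice. Mapping each rule to an ATT&CK technique at alert time is what makes the osquery-attck style of coverage tracking possible downstream in TheHive or a SIEM.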