
Other Tools

  • Cortex – Cortex allows you to analyze observables such as IP and email addresses, URLs, domain names, files or hashes one by one or in bulk mode using a Web interface. Analysts can also automate these operations using its REST API.
  • Crits – a web-based tool which combines an analytic engine with a cyber threat database.
  • domfind – domfind is a Python DNS crawler for finding identical domain names under different TLDs.
  • DumpsterFire – The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations.
  • Fenrir – Fenrir is a simple IOC scanner. It allows scanning any Linux/Unix/OSX system for IOCs in plain bash. Created by the creators of THOR and LOKI.
  • Fileintel – Pull intelligence per file hash.
  • HELK – Threat Hunting platform.
  • Hindsight – Internet history forensics for Google Chrome/Chromium.
  • Hostintel – Pull intelligence per host.
  • imagemounter – Command line utility and Python package to ease the (un)mounting of forensic disk images.
  • Kansa – Kansa is a modular incident response framework in PowerShell.
  • rastrea2r – allows one to scan disks and memory for IOCs using YARA on Windows, Linux and OS X.
  • RaQet – RaQet is an unconventional remote acquisition and triaging tool that allows triaging a disk of a remote computer (client) that is restarted with a purposely built forensic operating system.
  • Stalk – Collect forensic data about MySQL when problems occur.
  • SearchGiant – a command-line utility to acquire forensic data from cloud services.
  • Stenographer – Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. It stores as much history as possible, managing disk usage and deleting when disk limits are hit. It is ideal for capturing the traffic just before and during an incident, without the explicit need to store all of the network traffic.
  • sqhunter – a threat hunter based on osquery and Salt Open (SaltStack) that can issue ad-hoc or distributed queries without the need for osquery's tls plugin. sqhunter allows you to query open network sockets and check them against threat intelligence sources.
  • traceroute-circl – traceroute-circl is an extended traceroute to support the activities of CSIRT (or CERT) operators. Usually CSIRT teams have to handle incidents based on IP addresses received. Created by Computer Emergency Response Center Luxembourg.
  • X-Ray 2.0 – A Windows utility (poorly maintained or no longer maintained) to submit virus samples to AV vendors.

Playbooks

  • Demisto Playbooks Collection – Playbooks collection.
  • IRM – Incident Response Methodologies by CERT Societe Generale.
  • IR Workflow Gallery – Different generic incident response workflows, e.g. for
  • Summer '20
  • Computer Forensics