Incident Playbook alternatives for AI agents.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

AssemblyLine 4: File triage and malware analysis

Volatility 3.0 development

Digging Deeper....

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

CRADLE is a collaborative platform for Cyber Threat Intelligence analysts. It streamlines threat investigations with integrated note-taking, automated data linking, interactive visualizations, and robust access control. Enhance your CTI workflow from analysis to reporting—all in one secure space.

Monzo's real-time incident response and reporting tool ⚡️

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.

Collaborative Incident Response platform

Cortex: a Powerful Observable Analysis and Active Response Engine

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.