untitledgoosetool
Incident responder
A tool for investigating and responding to security incidents in cloud-based Microsoft environments.
Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.
913 stars
17 watching
80 forks
Language: Python
Last commit: about 2 months ago
Linked from 1 awesome list
Related projects:
Repository | Description | Stars |
---|---|---|
jimtin/ircoreforensicframework | Automates incident response actions to gather and process forensic artefacts from remote systems | 22 |
binarydefense/goatrider | Tool to compare IP addresses or hostnames to threat intelligence feeds and detect potential security threats. | 138 |
aliuygur/gores | Utility library providing a set of pre-built HTTP response handlers for building RESTful APIs. | 104 |
vespperhq/vespper | An AI-powered on-call engineer tool that automates incident investigation and provides contextual insights | 287 |
thalesgroup-cert/watcher | Automated platform for discovering and analyzing cybersecurity threats targeting an organization | 862 |
tclahr/uac | Automates incident response data collection from various operating systems | 797 |
azuread/azure-ad-incident-response-powershell-module | Provides tools to help respond to security incidents in Azure Active Directory by automating tasks and data retrieval. | 421 |
cgosec/blauhaunt | A tool collection for analyzing and visualizing logon events to help answer security-related questions | 161 |
cryps1s/darksurgeon | A tool designed to empower incident response and digital forensics by providing a preconfigured Windows environment with necessary tools and scripts. | 463 |
harpia-io/harpia | An incident management system that collects events from different systems and automates the detection, investigation, and resolution of production incidents. | 22 |
cisagov/scubagear | Automates compliance assessment of Microsoft 365 configurations against CISA security standards | 1,695 |
certsocietegenerale/fir | A cybersecurity incident management platform for tracking and managing security incidents in real-time. | 1,734 |
demisto/cops | Standardized framework for creating and sharing incident response processes in a shared language | 150 |
cisagov/malcolm | A network traffic analysis tool suite that accepts various data formats and provides visualization and incident response capabilities. | 1,962 |
cyberdefenseinstitute/cdir | A tool designed to collect data from Windows systems during an incident response | 154 |