untitledgoosetool
Incident responder
A tool for investigating and responding to security incidents in cloud-based Microsoft environments.
Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.
917 stars
17 watching
80 forks
Language: Python
Last commit: 12 months ago
Linked from 1 awesome list
Related projects:
| Repository | Description | Stars |
|---|---|---|
| | Automates incident response actions to gather and process forensic artefacts from remote systems | 22 |
| | Tool to compare IP addresses or hostnames to threat intelligence feeds and detect potential security threats. | 138 |
| | Utility library providing a set of pre-built HTTP response handlers for building RESTful APIs. | 104 |
| | An AI-powered on-call engineer tool that automatically investigates incidents and provides contextual insights | 305 |
| | Automated platform for discovering and analyzing cybersecurity threats targeting an organization | 869 |
| | Automates incident response data collection from various operating systems | 824 |
| | Provides tools to help respond to security incidents in Azure Active Directory by automating tasks and data retrieval. | 424 |
| | A tool collection for analyzing and visualizing logon events to help answer security-related questions | 164 |
| | A tool designed to empower incident response and digital forensics by providing a preconfigured Windows environment with necessary tools and scripts. | 464 |
| | A platform for detecting and resolving production incidents in real-time | 22 |
| | Automates assessment of Microsoft 365 tenant configurations against CISA's Secure Configuration Baseline policies | 1,813 |
| | A cybersecurity incident management platform for tracking and managing security incidents in real-time. | 1,751 |
| | Standardized framework for creating and sharing incident response processes in a shared language | 151 |
| | A network traffic analysis tool suite that accepts various data formats and provides visualization and incident response capabilities. | 2,001 |
| | A tool designed to collect data from Windows systems during an incident response | 154 |