Endpoint visibility and DFIR: Velociraptor Query Language (VQL), hunts, notebooks, and artifact packs across fleets.
Top pick
Tags: dfir, edr, hunting, endpoint, soc
Honorable mention
Rapidly search and hunt through Windows event logs (EVTX) using Sigma-like rules and built-in threat detections.
Tags: dfir, windows, evtx, threat-hunting, logs
Also strong
Collaborative incident response platform: cases, timelines, evidence, tasks, and integrations with MISP, VT, and webhooks.
Tags: dfir, incident-response, case-management, soc
Top pick
Malware sandbox forked from Cuckoo lineage: automated unpacking, configurable machinery, and rich reporting for analysts.
Tags: malware, sandbox, dfir, analysis, dynamic-analysis
Also strong
CERT.pl malware repository and collaboration platform: samples, configs, tags, Karton pipeline integration, and REST API for teams.
Tags: malware, threat-intelligence, sharing, repository, dfir
