redcanaryco/redcanary-response-utils redcanaryco/redcanary-response-utils

  • Stars
    star
    112
  • Rank 303,520 (Top 7 %)
  • Language
    Python
  • License
    MIT License
  • Created over 6 years ago
  • Updated almost 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
redcanaryco/redcanary-response-utils
github

redcanaryco

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Tools to automate and/or expedite response.

Tools to automate and/or expedite response.

Setup

git clone [email protected]:redcanaryco/redcanary-response-utils.git

mkvirtualenv redcanary-response-utils

python setup.py develop


./sensor-util.py

cblr-basic.py

Platforms: Carbon Black (Response)

Execute a basic response plan targeting a single endpoint. Performs the following actions:

  1. Isolate the endpoint.
  2. Kill associated processes.
  3. Ban offending binary file(s).

network-util.py

Platforms: Carbon Black (Response)

Enumerate network connections based on a wide variety of criteria. Includes support for:

  • process- and connection-based whitelists
  • filtering by host type (Workstation or Server)
  • more

process-util.py

Platforms: Carbon Black (Response)

Enumerate processes. This is a performant alternative to timeline.py if you wish to quickly examine process start events only.

sensor-util.py

Platforms: Carbon Black (Response)

Enumerate sensors and output metadata, to include endpoint health.

timeline.py

Platforms: Carbon Black (Response)

Generate a timeline of activity associated with a user, endpoint, or other limiting criteria.

usb-util.py

Platforms: Carbon Black (Response)

Enumerate USB mass storage devices.

NOTE: Only supports enumeration of devices on Windows endpoints.

More Repositories

1

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.
C
9,179
star
2

mac-monitor

Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displaying them graphically, with an expansive feature set designed to reduce noise.
Swift
825
star
3

invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
PowerShell
774
star
4

chain-reactor

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.
C
281
star
5

AtomicTestHarnesses

Public Repo for Atomic Test Harness
PowerShell
234
star
6

surveyor

A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
Python
161
star
7

oxidebpf

A Rust library for managing eBPF programs.
Rust
114
star
8

redcanary-ebpf-sensor

Red Canary's eBPF Sensor
C
85
star
9

ebpfmon

Go
72
star
10

wwhf

Exercises for C# Workshop at Wild West Hackin' Fest 2018 & 2019.
HTML
64
star
11

exploit-primitive-playground

C
55
star
12

vscode-attack

Visual Studio Code extension for MITRE ATT&CK
TypeScript
49
star
13

public-research

Public repository for Red Canary Research
C
31
star
14

cbapi2

Red Canary Carbon Black API
Python
20
star
15

ansible-atomic-red-team

This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam
Shell
19
star
16

cb-response-smb1-utility

A simple utility to check the status of and/or disable SMBv1 on Windows system via Cb Response's Live Response functionality.
Python
15
star
17

cbconnect-2019

Ruby
7
star
18

openapi

Public API clients for connecting to the Red Canary APIs
Python
7
star
19

rtlshtree

C++
3
star
20

helm-charts

Red Canary's Public Helm Chart Repository
Smarty
1
star