A DF/IR case management tool that provides a unified workspace for investigators, enabling key workflows to be completed without switching between multiple applications.
Works with SOD (Spreadsheet of Doom) and similar spreadsheet formats.
Some of the key features and workflows are shown below. To view full details, please visit the GitHub page.
Building timelines from Excel manually? Nah, I’d rather wrestle a raccoon. At least that’s over faster.
Trying to explain what’s going on without a visual? It's like describing a movie scene using just smoke signals. A timeline chart just makes life so much easier.
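As an added example (not the tool's own code), the step the two captions above describe: take a SOD-style timeline tab with the mixed timestamp styles analysts actually type, normalise everything to UTC, and emit a sorted timeline that can feed a chart or a report. The column names and the sample rows are constructed assumptions about what such a tab contains.

```python
"""Normalise a SOD-style timeline tab into a sorted, UTC timeline.

Added example: the column names below are an assumption about what a
Spreadsheet-of-Doom timeline tab looks like, not the tool's own format.
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample rows (not real case data). The mixed timestamp styles are
# deliberate: that is the normal state of an analyst-maintained spreadsheet.
SAMPLE_TIMELINE_CSV = """Timestamp,Timezone,Host,Source,Description,Analyst
2024-03-04 13:05:22,UTC,WS-0412,EDR,PowerShell spawned by winword.exe,jdoe
2024-03-04T09:07:01-04:00,,WS-0412,Sysmon,Outbound connection to 203.0.113.7:443,jdoe
03/04/2024 13:04:10,UTC,MAIL01,Mail gateway,Phishing email delivered to user,asmith
2024-03-04 14:30:00,UTC,DC01,Windows Security,4624 logon type 3 from WS-0412,asmith
"""

# Layouts accepted for naive (no offset) values, tried in order.
_NAIVE_FORMATS = ("%Y-%m-%d %H:%M:%S", "%m/%d/%Y %H:%M:%S")


def parse_timestamp(raw, tz_label=""):
    """Return an aware UTC datetime for one row's timestamp.

    ISO-8601 values carrying an offset are trusted as written. Naive values
    are interpreted per the Timezone column; only 'UTC' (or blank, treated as
    UTC) is supported here, and anything else is rejected rather than guessed,
    because a silently wrong zone ruins the ordering of the whole timeline.
    """
    raw = raw.strip()
    try:
        dt = datetime.fromisoformat(raw)
    except ValueError:
        dt = None
        for fmt in _NAIVE_FORMATS:
            try:
                dt = datetime.strptime(raw, fmt)
                break
            except ValueError:
                continue
        if dt is None:
            raise ValueError(f"unrecognised timestamp: {raw!r}")
    if dt.tzinfo is None:
        label = (tz_label or "UTC").strip().upper()
        if label != "UTC":
            raise ValueError(f"naive timestamp with unsupported zone {tz_label!r}")
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def build_timeline(csv_text):
    """Parse the CSV text and return events sorted by UTC time."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = parse_timestamp(row["Timestamp"], row.get("Timezone", ""))
        events.append({
            "utc": when.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "host": row["Host"].strip(),
            "source": row["Source"].strip(),
            "description": row["Description"].strip(),
            "analyst": row["Analyst"].strip(),
        })
    events.sort(key=lambda e: e["utc"])
    return events


def render_timeline(events):
    """Plain-text timeline, one line per event, for a report or a chat paste."""
    return "\n".join(
        f"{e['utc']}  {e['host']:<8} {e['source']:<16} {e['description']}"
        for e in events
    )


if __name__ == "__main__":
    print(render_timeline(build_timeline(SAMPLE_TIMELINE_CSV)))
```

The Sysmon row was entered in local time with an offset; after normalisation it lands between the EDR and domain-controller events, which is the ordering a chart needs and the thing that is easy to get wrong when sorting the raw strings.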
Correlate MITRE ATT&CK detections with the D3FEND matrix to identify the defensive techniques that mitigate the threats found during an investigation.
VERIS (Vocabulary for Event Recording and Incident Sharing) is a structured, consistent way to record cybersecurity incidents. It lets teams share who was behind an incident, what they did, which assets were affected, and what the impact was, so that everyone can learn from it and improve their security.
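As an added example (not the tool's or the VERIS project's code), a record in the VERIS shape with a check that the four A's (actor, action, asset, attribute) are all present before the incident is shared. The top-level keys follow the public VERIS schema; the particular enumeration strings in the constructed sample, the schema version and the nested discovery_method form are assumptions to verify against the schema version your team uses.

```python
"""Record an incident in VERIS style and sanity-check the 4 A's.

Added example (not the tool's code). Top-level keys follow the public VERIS
schema (actor / action / asset / attribute, plus timeline and discovery);
the enumeration strings in the sample are assumptions and should be checked
against the schema version your team uses.
"""
import json

ACTION_CATEGORIES = ("malware", "hacking", "social", "misuse",
                     "physical", "error", "environmental")
ACTOR_CATEGORIES = ("external", "internal", "partner")
ATTRIBUTE_CATEGORIES = ("confidentiality", "integrity", "availability")


def new_incident(incident_id, year, month, actors, actions, assets, attributes, discovery):
    """Assemble a VERIS-shaped record from the four A's plus when and how it was found."""
    return {
        "schema_version": "1.3.7",  # assumption: pin whatever your schema file says
        "incident_id": incident_id,
        "timeline": {"incident": {"year": year, "month": month}},
        "actor": actors,
        "action": actions,
        "asset": {"assets": assets},
        "attribute": attributes,
        "discovery_method": discovery,
    }


def validate_veris(record):
    """Return a list of problems; an empty list means the 4 A's are present and well-formed."""
    problems = []
    for key in ("incident_id", "timeline", "actor", "action", "asset", "attribute"):
        if key not in record:
            problems.append(f"missing top-level '{key}'")
    actor = record.get("actor", {})
    if not any(c in actor for c in ACTOR_CATEGORIES):
        problems.append("actor has none of external/internal/partner")
    action = record.get("action", {})
    if not any(c in action for c in ACTION_CATEGORIES):
        problems.append("action has no recognised category")
    for cat, body in action.items():
        if cat in ACTION_CATEGORIES and not body.get("variety"):
            problems.append(f"action.{cat} has no variety")
    if not record.get("asset", {}).get("assets"):
        problems.append("asset.assets is empty")
    attribute = record.get("attribute", {})
    if not any(c in attribute for c in ATTRIBUTE_CATEGORIES):
        problems.append("attribute has no confidentiality/integrity/availability entry")
    return problems


def summarize(record):
    """One-line 'who did what to which asset with what effect' for a handover note."""
    actors = ", ".join(k for k in ACTOR_CATEGORIES if k in record["actor"])
    actions = ", ".join(
        f"{k}:{'/'.join(v.get('variety', []))}"
        for k, v in record["action"].items() if k in ACTION_CATEGORIES
    )
    assets = ", ".join(a["variety"] for a in record["asset"]["assets"])
    effects = ", ".join(k for k in ATTRIBUTE_CATEGORIES if k in record["attribute"])
    return f"{record['incident_id']}: {actors} actor | {actions} | assets: {assets} | impact: {effects}"


# Constructed sample incident (not a real case): phishing email delivers a
# downloader, credentials are exposed, reported by an outside researcher.
SAMPLE = new_incident(
    "IR-2024-0117", 2024, 3,
    actors={"external": {"variety": ["Organized crime"], "motive": ["Financial"]}},
    actions={
        "social": {"variety": ["Phishing"], "vector": ["Email"]},
        "malware": {"variety": ["Downloader"], "vector": ["Email attachment"]},
    },
    assets=[{"variety": "U - Desktop"}, {"variety": "S - Mail"}],
    attributes={"confidentiality": {"data": [{"variety": "Credentials"}], "data_disclosure": "Yes"}},
    discovery={"external": {"variety": ["Security researcher"]}},  # assumption: nested form
)

if __name__ == "__main__":
    print(json.dumps(SAMPLE, indent=2))
    print(summarize(SAMPLE))
    print("problems:", validate_veris(SAMPLE) or "none")
```

The validator is deliberately stricter than "is it valid JSON": an action block without a variety, or a record with no attribute at all, still parses but tells the next team nothing about impact, which is the whole point of the shared vocabulary.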
Markdown files are simple text files where you write using easy formatting. They’re great for quickly making notes or writing how-to playbooks.
The external lookup helps the investigator quickly search various threat intel feeds while responding to an incident.
Bookmark known sources so they are at hand during an investigation.