Free SOCFortress Provided DFIR-IRIS Modules
Seamlessly integrate DFIR-IRIS with tools such as Velociraptor, Cortex, and more!
As technology advances, so do the security threats that come with it. With the ever-evolving nature of these threats, organizations need to be able to quickly identify and respond to potential incidents to minimize the damage. DFIR-IRIS, an open-source platform for case management and incident response, has become a popular tool in the cybersecurity community. However, to make the most out of this platform, additional modules are required. To support the SOCFortress World’s Best Free SIEM Stack Video Series, we are providing DFIR-IRIS modules to help build upon an already robust case management platform and spark ideas for other members of the community!
- ASK SOCFortress
- Cortex Analyzer
- Wazuh-Indexer
- Quarantine (Linux and Windows)
- Remove Quarantine
- Velociraptor Artifact
Get started with your own DFIR-IRIS deployment here: Your Open-Source Incident Response Platform
ASK SOCFortress
Link to repo: https://github.com/socfortress/ASK-SOCFortress
Welcome to Your Open-Source SOC Assistant, your go-to solution for improving your organization’s security operations center (SOC). ASK SOCFortress helps analysts investigate alerts that pertain to IPs, domains, and file hashes. ASK SOCFortress streamlines and simplifies SOC investigations, saving time and improving accuracy.
Cortex Analyzer
Link to repo: https://github.com/socfortress/iris-cortexanalyzer-module
Integrate DFIR-IRIS with Cortex and take advantage of running Cortex analyzers with ease.
Deploy your own Cortex server: Maximizing Threat Detection and Response with Cortex
Wazuh-Indexer
Link to repo: https://github.com/socfortress/iris-wazuhindexer-module
Use the Wazuh-Indexer module to quickly search your logs for IoCs. This module is designed to help SOC analysts quickly spot any other endpoints that have the same IoCs associated with their ingested events.
Deploy your own Wazuh-Indexer: Part 1. Wazuh Indexer — SIEM Backend
Quarantine / Remove Quarantine
Link to repo (Quarantine): https://github.com/socfortress/iris-veloquarantine-module
Link to repo (Remove Quarantine): https://github.com/socfortress/iris-veloquarantineremove-module
Quarantine any Linux or Windows host straight from IRIS. Integrating with Velociraptor provides the ability to do just that!
Deploy your own Velociraptor server: FREE Incident Response With Velociraptor
Velociraptor Artifact
Link to repo: https://github.com/socfortress/iris-velociraptorartifact-module
Run any Velociraptor Artifact on a Windows or Linux Endpoint. Collect installed Binaries, dump browser history, and much more!
Deploy your own Velociraptor server: FREE Incident Response With Velociraptor
We hope these modules can be used to support your own World’s Best SIEM Stack!
Need Help?
The functionality discussed in this post, and so much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Professional Services: https://www.socfortress.co/ps.html