Incident Response Python Packages

volatility3

Volatility 3.0 development

60K 4K 653

cortexutils

Cortex Analyzers Repository

21K 483 397

tenzir

Tenzir is the data pipeline engine for security teams.

13K 737 103

gitgalaxy

An AST-free, LLM-free heuristic knowledge graph engine for deep repository intelligence. Map, secure, and modernize enterprise codebases across 50+ languages at extreme velocity

5K 22 0

projectair

Project AIR: forensic reconstruction and incident response for AI agents. Signed AgDR decision records, OWASP ASI01-ASI10 detection, signed forensic evidence exports.

4K 1 0

firefighter-incident

FireFighter is an incident management application, designed to work in Slack, and more.

3K 24 6

intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

3K 1K 313

cortex4py

Python API Client for Cortex

2K 33 31

apiosintds

On demand query API for https://github.com/davidonzo/Threat-Intel project.

2K 58 9

pyvast

Tenzir is the data pipeline engine for security teams.

1K 737 103

chickadee

Yet another IP address enrichment tool

1K 8 1

lerc-control

A client to help with live response activities

989 0 3

resq-mcp

FastMCP server exposing ResQ platform capabilities to AI clients

795 0 1

ransomwatch

ransomwatch is a Python based tool designed for ransomware threat intelligence and security research.

738 4 0

django-incident-response

Monzo's real-time incident response and reporting tool ⚡️

644 2K 171

quell

Open-source multi-agent incident response. Watches logs, investigates in a Docker sandbox, drafts a PR that humans always merge.

641 2 0

luminaut

Casting light on shadow cloud deployments

628 27 2

apple-notes-forensics

Copy-first Apple Notes recovery and review toolkit for macOS, with AI-assisted triage, evidence-backed case Q&A, and a read-mostly MCP server for Codex / Claude Code style local agent workflows.

508 1 1

octantis

Intelligent infrastructure monitoring agent for EKS/K8s

507 2 0

sem-emergency-stop

Quickly stop all Google Ads advertising

468 3 0

phishsage

PhishSage is a lightweight email triage and phishing-analysis toolkit. Extracts headers, attachments, and links, applies heuristic checks, and produces structured insights.

456 2 0

vindicara

Project AIR: forensic reconstruction and incident response for AI agents. Signed AgDR decision records, OWASP ASI01-ASI10 detection, signed forensic evidence exports.

453 1 0

pytenzir

Tenzir is the data pipeline engine for security teams.

447 737 103

bedrock-keys-security

Detect phantom IAM users, decode leaked AWS Bedrock API keys, and prevent LLMjacking. CLI + SCPs + SIEM detection rules.

442 20 1