GitHub: gabrielrodri33/blue-team-toolkit
# blue-team-toolkit 🛡️
A collection of Python scripts and tools for Blue Team operations — log analysis, intrusion detection, endpoint monitoring, threat hunting, incident response and SIEM correlation.
## Modules
| Module | Description |
|--------|-------------|
| log-analysis | Parse and detect anomalies in system/app logs |
| ids | Real-time network intrusion detection |
| endpoint-monitor | Process, file integrity and connection tracking |
| threat-hunting | IoC scanning with public threat intel feeds |
| incident-response | Evidence collection, timeline and report generation |
| siem | Multi-source event correlation with rule engine |
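The table above names two capabilities that are easy to state and less obvious to implement: parsing heterogeneous logs into one event schema (log-analysis) and applying a correlation rule across sources (siem). The following is an added illustration written for this README, not code from the blue-team-toolkit modules; the log lines, IP addresses, hostnames and the function names `parse_sshd`, `parse_fw`, `correlate` and `run` are all constructed for the example. It normalizes an sshd auth log and a firewall log into a common dictionary shape, then runs one sliding-window rule: a burst of failed logins from a single source IP followed by a successful login from that IP, enriched with how many firewall denies that IP produced.

```python
"""Added example (not part of blue-team-toolkit): a minimal multi-source
correlation rule of the kind the log-analysis and siem modules describe.
Two constructed log sources are normalized to one schema, then a
sliding-window rule flags N failed SSH logins from one source IP that are
followed by a successful login from the same IP. All sample data below is
constructed for this example."""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: an sshd auth log (syslog format, no year) and a
# firewall log (ISO timestamps) covering the same morning.
AUTH_LOG = """\
May  1 10:00:01 host1 sshd[101]: Failed password for root from 203.0.113.9 port 4411 ssh2
May  1 10:00:03 host1 sshd[102]: Failed password for root from 203.0.113.9 port 4412 ssh2
May  1 10:00:05 host1 sshd[103]: Failed password for admin from 203.0.113.9 port 4413 ssh2
May  1 10:00:09 host1 sshd[104]: Accepted password for admin from 203.0.113.9 port 4414 ssh2
May  1 10:30:00 host1 sshd[105]: Failed password for bob from 198.51.100.7 port 5000 ssh2
"""
FW_LOG = """\
2024-05-01T10:00:00Z DENY src=203.0.113.9 dst=10.0.0.5 dport=23
2024-05-01T10:00:00Z ALLOW src=203.0.113.9 dst=10.0.0.5 dport=22
"""

SSHD_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(Failed|Accepted) password for (\S+) from (\S+) port")
FW_RE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=\S+ dport=(\d+)")


def parse_sshd(text, year=2024):
    """Normalize sshd lines; syslog lacks a year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # lines that do not match the pattern are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "source": "sshd",
                       "action": "auth_fail" if m.group(2) == "Failed" else "auth_ok",
                       "user": m.group(3), "src_ip": m.group(4)})
    return events


def parse_fw(text):
    """Normalize firewall lines into the same event schema as parse_sshd."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "source": "firewall",
                       "action": "fw_allow" if m.group(2) == "ALLOW" else "fw_deny",
                       "user": None, "src_ip": m.group(3)})
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` auth_fail events from one src_ip inside
    `window`, followed by an auth_ok from that src_ip while those failures
    are still inside the window. Firewall denies per IP are attached as
    context. Returns one alert dict per match."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    fw_denies = Counter()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["src_ip"]
        if ev["action"] == "fw_deny":
            fw_denies[ip] += 1
            continue
        # Expire failures that have fallen out of the sliding window.
        while failures[ip] and ev["ts"] - failures[ip][0] > window:
            failures[ip].popleft()
        if ev["action"] == "auth_fail":
            failures[ip].append(ev["ts"])
        elif ev["action"] == "auth_ok" and len(failures[ip]) >= threshold:
            alerts.append({"rule": "ssh_bruteforce_then_success", "src_ip": ip,
                           "user": ev["user"], "failures": len(failures[ip]),
                           "fw_denies": fw_denies[ip], "ts": ev["ts"]})
            failures[ip].clear()  # avoid re-alerting on the same burst
    return alerts


def run():
    """Parse both constructed sources and apply the rule."""
    return correlate(parse_sshd(AUTH_LOG) + parse_fw(FW_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Two design points worth noting: events are sorted by timestamp before the rule runs, because multi-source correlation only works once both feeds share a clock and a schema, and the failure window is cleared after an alert so a single burst produces a single alert rather than one per later success.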
## Requirements
- Python 3.10+
- Dependencies: see requirements.txt
## Setup
```bash
git clone https://github.com/gabrielrodri33/blue-team-toolkit
cd blue-team-toolkit
pip install -r requirements.txt
```
## Usage
Each module has its own README with examples. Start with log-analysis/.
## Documentation
Full documentation is available in the [Wiki](https://github.com/gabrielrodri33/blue-team-toolkit/wiki):
- [Setup & Installation](https://github.com/gabrielrodri33/blue-team-toolkit/wiki/Setup-&-Installation)
- [Architecture & Data Flow](https://github.com/gabrielrodri33/blue-team-toolkit/wiki/Architecture)
- [log-analysis](https://github.com/gabrielrodri33/blue-team-toolkit/wiki/log-analysis)
- [ids](https://github.com/gabrielrodri33/blue-team-toolkit/wiki/ids)
- [endpoint-monitor](https://github.com/gabrielrodri33/blue-team-toolkit/wiki/endpoint-monitor)
- [threat-hunting](https://github.com/gabrielrodri33/blue-team-toolkit/wiki/threat-hunting)
- [incident-response](https://github.com/gabrielrodri33/blue-team-toolkit/wiki/incident-response)
- [siem](https://github.com/gabrielrodri33/blue-team-toolkit/wiki/siem)
- [Contributing](https://github.com/gabrielrodri33/blue-team-toolkit/wiki/Contributing)
## Roadmap
- [ ] log-analysis
- [ ] ids
- [ ] endpoint-monitor
- [ ] threat-hunting
- [ ] incident-response
- [ ] siem
## Author
Gabriel Siqueira — [LinkedIn](https://linkedin.com/in/gabrielrodri)