├── .github
    ├── ISSUE_TEMPLATE
    │   ├── bug_report.md
    │   ├── config.yml
    │   ├── feature_request.md
    │   └── question.md
    └── pull_request_template.md
├── .gitignore
├── README.md
├── VERSION.txt
├── app
    ├── c_processnode.py
    ├── c_processtree.py
    ├── parsers
    │   ├── basic_strip.py
    │   ├── childprocess.py
    │   ├── ecs_sysmon.py
    │   ├── key_value.py
    │   ├── ports.py
    │   ├── process.py
    │   ├── processguids.py
    │   └── sysmon.py
    ├── requirements
    │   ├── base_requirement.py
    │   ├── basic.py
    │   ├── has_property.py
    │   └── source_fact.py
    └── response_svc.py
├── conf
    └── response.yml
├── data
    ├── abilities
    │   ├── command-and-control
    │   │   └── 1837b43e-4fff-46b2-a604-a602f7540469.yml
    │   ├── detection
    │   │   ├── 1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml
    │   │   ├── 1b4aa8d5-ba97-4b9b-92a3-eaaaffbfdf0a.yml
    │   │   ├── 3b4640bc-eacb-407a-a997-105e39788781.yml
    │   │   ├── 77272c88-ccf5-4225-a3d9-f9e171d1ca5b.yml
    │   │   ├── 8bc73098-54d1-4f69-abd5-271e3e2da5df.yml
    │   │   ├── 930236c2-5397-4868-8c7b-72e294a5a376.yml
    │   │   ├── 9bc10f37-0853-4d73-b547-019c11eda22f.yml
    │   │   └── ee54384f-cfbc-4228-9dc1-cc5632307afb.yml
    │   ├── elastic_hunting
    │   │   ├── 4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml
    │   │   ├── b419604e-6f82-40a4-b215-12f8c8156c2f.yml
    │   │   └── bf565e6a-0037-4aa4-852f-1afa222c76db.yml
    │   ├── hunt
    │   │   └── f9b3eff0-e11c-48de-9338-1578b351b14b.yml
    │   ├── response
    │   │   ├── 02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml
    │   │   ├── 0fccf23f-6b1a-4ef3-8c89-e8bf27a1858f.yml
    │   │   ├── 13d0d9cf-e31a-47b6-9217-f38e3f7c25ef.yml
    │   │   ├── 2331077e-7be9-4e89-b2bb-32e8d7f6a708.yml
    │   │   ├── 2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml
    │   │   ├── 32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml
    │   │   ├── 4744d99f-5fea-42a8-8ec4-c228db57caea.yml
    │   │   ├── 5ec7ae3b-c909-41bb-9b6b-dadec409cd40.yml
    │   │   ├── 90418255-b202-4fc3-b0ea-b105bff39ca5.yml
    │   │   ├── bf01fdc9-d801-4461-81df-e511efb3c1fc.yml
    │   │   ├── cb85039a-6196-4262-883b-0beeb804b83d.yml
    │   │   ├── debd322d-2100-45f7-8832-29ef7c56786d.yml
    │   │   ├── e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml
    │   │   └── f5fb8bce-4a79-466a-8187-ed0cd8e8dbe1.yml
    │   └── setup
    │   │   ├── 243053d2-13c1-47f0-832d-6ef02ba95e1a.yml
    │   │   ├── 2ed3c315-2022-499e-a844-1bbd119d0abe.yml
    │   │   ├── 34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml
    │   │   ├── 622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml
    │   │   ├── 83d7cf63-e10a-4615-a92e-dce257bf3b9d.yml
    │   │   ├── 90a67a85-e81c-4525-8bae-12a2c5787d9a.yml
    │   │   ├── a65a62e1-b8c0-4f88-b564-166e7499d560.yml
    │   │   ├── ba907d7a-b334-47e7-b652-4e481b5aa534.yml
    │   │   ├── df9d2b83-b40f-4167-af75-31ddde59af7e.yml
    │   │   └── f313a0d7-2327-4f69-8da4-a6efd6135121.yml
    ├── adversaries
    │   ├── 169cdc73-8fea-49cf-9021-d0b3c24e2b17.yml
    │   ├── 7e422753-ad7a-4401-bc8b-b12a28e69c25.yml
    │   ├── D21B9E7F-CFF5-4030-AD28-388085F8A815.yml
    │   └── f61e3fc0-43d8-4b36-b5d3-710610b92974.yml
    └── sources
    │   └── e1ceccf2-92b3-4a28-ade5-5f67a2dfd7e7.yml
├── gui
    └── views
    │   └── response.vue
├── hook.py
├── payloads
    └── elasticat.py
└── templates
    └── response.html


/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/.github/ISSUE_TEMPLATE/bug_report.md


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/.github/ISSUE_TEMPLATE/config.yml


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/.github/ISSUE_TEMPLATE/feature_request.md


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/question.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/.github/ISSUE_TEMPLATE/question.md


--------------------------------------------------------------------------------
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/.github/pull_request_template.md


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | .idea/*
3 | **/__pycache__/
4 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/README.md


--------------------------------------------------------------------------------
/VERSION.txt:
--------------------------------------------------------------------------------
1 | 2.9.0-f64d85da6a9fefecf8c70724966a82ad
2 | 


--------------------------------------------------------------------------------
/app/c_processnode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/c_processnode.py


--------------------------------------------------------------------------------
/app/c_processtree.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/c_processtree.py


--------------------------------------------------------------------------------
/app/parsers/basic_strip.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/parsers/basic_strip.py


--------------------------------------------------------------------------------
/app/parsers/childprocess.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/parsers/childprocess.py


--------------------------------------------------------------------------------
/app/parsers/ecs_sysmon.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/parsers/ecs_sysmon.py


--------------------------------------------------------------------------------
/app/parsers/key_value.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/parsers/key_value.py


--------------------------------------------------------------------------------
/app/parsers/ports.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/parsers/ports.py


--------------------------------------------------------------------------------
/app/parsers/process.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/parsers/process.py


--------------------------------------------------------------------------------
/app/parsers/processguids.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/parsers/processguids.py


--------------------------------------------------------------------------------
/app/parsers/sysmon.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/parsers/sysmon.py


--------------------------------------------------------------------------------
/app/requirements/base_requirement.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/requirements/base_requirement.py


--------------------------------------------------------------------------------
/app/requirements/basic.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/requirements/basic.py


--------------------------------------------------------------------------------
/app/requirements/has_property.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/requirements/has_property.py


--------------------------------------------------------------------------------
/app/requirements/source_fact.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/requirements/source_fact.py


--------------------------------------------------------------------------------
/app/response_svc.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/app/response_svc.py


--------------------------------------------------------------------------------
/conf/response.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/conf/response.yml


--------------------------------------------------------------------------------
/data/abilities/command-and-control/1837b43e-4fff-46b2-a604-a602f7540469.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/command-and-control/1837b43e-4fff-46b2-a604-a602f7540469.yml


--------------------------------------------------------------------------------
/data/abilities/detection/1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/detection/1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml


--------------------------------------------------------------------------------
/data/abilities/detection/1b4aa8d5-ba97-4b9b-92a3-eaaaffbfdf0a.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/detection/1b4aa8d5-ba97-4b9b-92a3-eaaaffbfdf0a.yml


--------------------------------------------------------------------------------
/data/abilities/detection/3b4640bc-eacb-407a-a997-105e39788781.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/detection/3b4640bc-eacb-407a-a997-105e39788781.yml


--------------------------------------------------------------------------------
/data/abilities/detection/77272c88-ccf5-4225-a3d9-f9e171d1ca5b.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/detection/77272c88-ccf5-4225-a3d9-f9e171d1ca5b.yml


--------------------------------------------------------------------------------
/data/abilities/detection/8bc73098-54d1-4f69-abd5-271e3e2da5df.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/detection/8bc73098-54d1-4f69-abd5-271e3e2da5df.yml


--------------------------------------------------------------------------------
/data/abilities/detection/930236c2-5397-4868-8c7b-72e294a5a376.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/detection/930236c2-5397-4868-8c7b-72e294a5a376.yml


--------------------------------------------------------------------------------
/data/abilities/detection/9bc10f37-0853-4d73-b547-019c11eda22f.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/detection/9bc10f37-0853-4d73-b547-019c11eda22f.yml


--------------------------------------------------------------------------------
/data/abilities/detection/ee54384f-cfbc-4228-9dc1-cc5632307afb.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/detection/ee54384f-cfbc-4228-9dc1-cc5632307afb.yml


--------------------------------------------------------------------------------
/data/abilities/elastic_hunting/4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/elastic_hunting/4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml


--------------------------------------------------------------------------------
/data/abilities/elastic_hunting/b419604e-6f82-40a4-b215-12f8c8156c2f.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/elastic_hunting/b419604e-6f82-40a4-b215-12f8c8156c2f.yml


--------------------------------------------------------------------------------
/data/abilities/elastic_hunting/bf565e6a-0037-4aa4-852f-1afa222c76db.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/elastic_hunting/bf565e6a-0037-4aa4-852f-1afa222c76db.yml


--------------------------------------------------------------------------------
/data/abilities/hunt/f9b3eff0-e11c-48de-9338-1578b351b14b.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/hunt/f9b3eff0-e11c-48de-9338-1578b351b14b.yml


--------------------------------------------------------------------------------
/data/abilities/response/02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml


--------------------------------------------------------------------------------
/data/abilities/response/0fccf23f-6b1a-4ef3-8c89-e8bf27a1858f.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/0fccf23f-6b1a-4ef3-8c89-e8bf27a1858f.yml


--------------------------------------------------------------------------------
/data/abilities/response/13d0d9cf-e31a-47b6-9217-f38e3f7c25ef.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/13d0d9cf-e31a-47b6-9217-f38e3f7c25ef.yml


--------------------------------------------------------------------------------
/data/abilities/response/2331077e-7be9-4e89-b2bb-32e8d7f6a708.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/2331077e-7be9-4e89-b2bb-32e8d7f6a708.yml


--------------------------------------------------------------------------------
/data/abilities/response/2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml


--------------------------------------------------------------------------------
/data/abilities/response/32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml


--------------------------------------------------------------------------------
/data/abilities/response/4744d99f-5fea-42a8-8ec4-c228db57caea.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/4744d99f-5fea-42a8-8ec4-c228db57caea.yml


--------------------------------------------------------------------------------
/data/abilities/response/5ec7ae3b-c909-41bb-9b6b-dadec409cd40.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/5ec7ae3b-c909-41bb-9b6b-dadec409cd40.yml


--------------------------------------------------------------------------------
/data/abilities/response/90418255-b202-4fc3-b0ea-b105bff39ca5.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/90418255-b202-4fc3-b0ea-b105bff39ca5.yml


--------------------------------------------------------------------------------
/data/abilities/response/bf01fdc9-d801-4461-81df-e511efb3c1fc.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/bf01fdc9-d801-4461-81df-e511efb3c1fc.yml


--------------------------------------------------------------------------------
/data/abilities/response/cb85039a-6196-4262-883b-0beeb804b83d.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/cb85039a-6196-4262-883b-0beeb804b83d.yml


--------------------------------------------------------------------------------
/data/abilities/response/debd322d-2100-45f7-8832-29ef7c56786d.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/debd322d-2100-45f7-8832-29ef7c56786d.yml


--------------------------------------------------------------------------------
/data/abilities/response/e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml


--------------------------------------------------------------------------------
/data/abilities/response/f5fb8bce-4a79-466a-8187-ed0cd8e8dbe1.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/response/f5fb8bce-4a79-466a-8187-ed0cd8e8dbe1.yml


--------------------------------------------------------------------------------
/data/abilities/setup/243053d2-13c1-47f0-832d-6ef02ba95e1a.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/243053d2-13c1-47f0-832d-6ef02ba95e1a.yml


--------------------------------------------------------------------------------
/data/abilities/setup/2ed3c315-2022-499e-a844-1bbd119d0abe.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/2ed3c315-2022-499e-a844-1bbd119d0abe.yml


--------------------------------------------------------------------------------
/data/abilities/setup/34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml


--------------------------------------------------------------------------------
/data/abilities/setup/622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml


--------------------------------------------------------------------------------
/data/abilities/setup/83d7cf63-e10a-4615-a92e-dce257bf3b9d.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/83d7cf63-e10a-4615-a92e-dce257bf3b9d.yml


--------------------------------------------------------------------------------
/data/abilities/setup/90a67a85-e81c-4525-8bae-12a2c5787d9a.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/90a67a85-e81c-4525-8bae-12a2c5787d9a.yml


--------------------------------------------------------------------------------
/data/abilities/setup/a65a62e1-b8c0-4f88-b564-166e7499d560.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/a65a62e1-b8c0-4f88-b564-166e7499d560.yml


--------------------------------------------------------------------------------
/data/abilities/setup/ba907d7a-b334-47e7-b652-4e481b5aa534.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/ba907d7a-b334-47e7-b652-4e481b5aa534.yml


--------------------------------------------------------------------------------
/data/abilities/setup/df9d2b83-b40f-4167-af75-31ddde59af7e.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/df9d2b83-b40f-4167-af75-31ddde59af7e.yml


--------------------------------------------------------------------------------
/data/abilities/setup/f313a0d7-2327-4f69-8da4-a6efd6135121.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/abilities/setup/f313a0d7-2327-4f69-8da4-a6efd6135121.yml


--------------------------------------------------------------------------------
/data/adversaries/169cdc73-8fea-49cf-9021-d0b3c24e2b17.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/adversaries/169cdc73-8fea-49cf-9021-d0b3c24e2b17.yml


--------------------------------------------------------------------------------
/data/adversaries/7e422753-ad7a-4401-bc8b-b12a28e69c25.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/adversaries/7e422753-ad7a-4401-bc8b-b12a28e69c25.yml


--------------------------------------------------------------------------------
/data/adversaries/D21B9E7F-CFF5-4030-AD28-388085F8A815.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/adversaries/D21B9E7F-CFF5-4030-AD28-388085F8A815.yml


--------------------------------------------------------------------------------
/data/adversaries/f61e3fc0-43d8-4b36-b5d3-710610b92974.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/adversaries/f61e3fc0-43d8-4b36-b5d3-710610b92974.yml


--------------------------------------------------------------------------------
/data/sources/e1ceccf2-92b3-4a28-ade5-5f67a2dfd7e7.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/data/sources/e1ceccf2-92b3-4a28-ade5-5f67a2dfd7e7.yml


--------------------------------------------------------------------------------
/gui/views/response.vue:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/gui/views/response.vue


--------------------------------------------------------------------------------
/hook.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/hook.py


--------------------------------------------------------------------------------
/payloads/elasticat.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/payloads/elasticat.py


--------------------------------------------------------------------------------
/templates/response.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitre/response/HEAD/templates/response.html


--------------------------------------------------------------------------------