Kansa
A modular PowerShell framework for enterprise incident response and breach hunting using remote data collection.
What is Kansa?
Kansa is a modular incident response framework built in PowerShell that enables security teams to collect forensic data from multiple Windows hosts remotely. It is designed to assist in breach investigations, threat hunting, and establishing system baselines across enterprise environments. The framework uses PowerShell Remoting to execute specialized modules that gather and structure system information for analysis.
Security analysts, incident responders, and IT administrators in Windows-based enterprises who need to perform scalable forensic data collection and threat hunting across networked systems.
Developers choose Kansa for its lightweight, scriptable approach to incident response that leverages native PowerShell capabilities, avoiding the need for heavy agents or complex infrastructure. Its modular design allows for easy customization and extension, making it adaptable to specific investigative needs while maintaining compatibility with older Windows environments.
Overview
A Powershell incident response framework
Use Cases
Best For
- Collecting forensic data from multiple Windows hosts during a security incident
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
