Loading...
detections.ai Detections is a commercial tool developed by detections.ai. Security professionals most commonly compare it with . All 151 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to detections.ai Detections, including their key features and shared capabilities.
Agentic AI threat hunting platform with real-time MITRE ATT&CK intelligence.
Shares 3 capabilities with detections.ai Detections: MITRE Attack, Cyber Threat Intelligence, Detection Rules
Threat detection marketplace with Sigma rules for SIEM and shift-left detection
Shares 3 capabilities with detections.ai Detections: MITRE Attack, Cyber Threat Intelligence, Detection Rules
Proactive threat hunting platform for detecting and investigating attacks
AI-driven threat detection & hunting platform with MITRE ATT&CK analytics
Threat hunting platform with free hunt packages and educational resources.
Federated SecOps platform for threat hunting across SIEMs, EDRs & data lakes.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
Shares 3 capabilities with detections.ai Detections: MITRE Attack, Cyber Threat Intelligence, Detection Rules
AI agent that autonomously validates threat hunt hypotheses across enterprise data
Threat detection marketplace with Sigma rules for SIEM and shift-left detection
Proactive threat hunting platform for detecting and investigating attacks
AI-driven threat detection & hunting platform with MITRE ATT&CK analytics
Threat hunting platform with free hunt packages and educational resources.
Federated SecOps platform for threat hunting across SIEMs, EDRs & data lakes.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
AI agent that autonomously validates threat hunt hypotheses across enterprise data
Human-led threat hunting service for uncovering hidden adversaries
Continuous threat hunting service based on TTP analysis and EDR exploitation
Managed threat hunting service detecting evasive threats in network environments
A managed security service that uses hypothesis-based threat hunting to proactively discover hidden threats, create new detection rules, and improve overall security posture.
Proactive threat hunting platform for detecting adversary infrastructure
Threat hunting platform for credentials, phishing, malicious domains & leaks
Managed threat hunting service combining ML analytics and human expertise
Virtual machine for secure, anonymous dark web investigation via Tor and I2P
Deep OSINT investigation tool for threat actor attribution and analysis
Proactive threat hunting service using threat intel and red team assessments
Real-time monitoring & automated response for blockchain/Web3 security threats
Covert proactive threat hunting platform with remote freeze & forensic analysis.
Managed threat hunting & correlation service with expert analysts.
Runs security detections across distributed data sources without SIEM ingestion.
Enterprise OSINT platform for identity, investigation, and threat monitoring.
Continuous OSINT monitoring platform tracking identities, keywords & topics.
Expands a single malware hash into full family visibility via structural analysis.
Define and validate YARA rule metadata with CCCS YARA Specification.
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.
A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
A framework for improving detection strategies and alert efficacy.
AI-driven threat hunting platform for SOC alert triage and investigation
Managed threat hunting service with 24/7 expert hunters and AI-powered analysis
Natural language threat hunting and investigation platform for SOC teams
Managed service with human analysts hunting threats across client networks.
Managed threat hunting service for network activity monitoring and analysis
Network threat hunting tool for detecting malicious activity
AI-powered threat hunting platform for detecting lateral movement & insider threats
Proactive threat hunting service to find hidden attackers on client networks.
On-premise AI file repository with continuous malware analysis and retrohunting.
Mobile threat hunting & IR platform detecting spyware, exploits, and anomalies.
A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel
A collection of YARA rules for public use, built from intelligence profiles and file work.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.
Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.
An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
A project providing open-source YARA rules for malware and malicious file detection
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
A repository of freely usable Yara rules for detection systems, with automated error detection workflows.
Repository for detection content with various types of rules and payloads.
A repository of officially managed detection rules for the Falco runtime security monitoring system that identifies threats, abnormal behaviors, and compliance violations through syscall and container event analysis.
A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.
Automate the process of writing YARA rules based on executable code within malware.
IDAPython plugin for generating Yara rules/patterns from x86/x86-64 code through parameterization.
A tool that generates Yara rules from training data using logistic regression and random forest classifiers.
A collection of public YARA signatures for various malware families.
Binsequencer automatically generates YARA detection rules by analyzing collections of similar malware samples and identifying common x86 instruction sequences across the corpus.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
msticpy is a Python library for InfoSec investigation and threat hunting in Jupyter Notebooks, providing data querying, threat intelligence enrichment, analysis capabilities, and interactive visualizations.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.
An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.
Platform for threat investigation with automation and knowledge management
Real-time runtime visibility platform for detecting active exploitation
Real-time threat monitoring & alerting for blockchain & infrastructure layers
Real-time threat hunting using behavioral analytics & Continuous Attack Graphs.
Malware hunting platform that auto-generates YARA rules from shared code analysis.
A reference guide listing 44 advanced Google search operators for enhanced search filtering and precision in information gathering activities.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Automatically curate open-source Yara rules and run scans with YAYA.
Collects Yara rules from over 150 free resources, a free alternative to Valhalla.
A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
Collection of Yara rules for file identification and classification
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
Management portal for LoKi scanner with centralized database for scanning activities.
PlumHound is a reporting engine that converts BloodHoundAD's Neo4J queries into operational security reports for analyzing Active Directory vulnerabilities and attack paths.
A strings statistics calculator for YARA rules to aid malware research.
A parsing tool for Yara Scan Service's JSON output file to help maximize benefits and automate parsing of Yara Scan Service results.
Repository of YARA rules for Trellix ATR blogposts and investigations
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A community-maintained repository of YARA rules for detecting and classifying malware based on patterns and characteristics.
Yara rule generator using VirusTotal code similarity feature code-similar-to.
A YARA interactive debugger for the YARA language written in Rust, providing features like function calls, constant evaluation, and string matching.
A repository to aid Windows threat hunters in looking for common artifacts.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
A set of interrelated detection rules for improving detection and hunting visibility and context
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
FireEye Mandiant SunBurst Countermeasures: freely available rules for detecting malicious files and activity
Hyara is a plugin that simplifies writing YARA rules with various convenient features.
YARA extension for Visual Studio Code with code completion and snippets
A powerful tool for detecting and identifying malware using a rule-based system.
A network recon framework including tools for passive and active recon
A web-based manager for Yara rules, allowing for storage, editing, and management of Yara rules.
Tool for visualizing correspondences between YARA ruleset and samples
Embeddable Yara library for Java with support for loading rules and scanning data.
Companion repository for deploying osquery in a production environment with tailored query packs.
A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
A recognition framework for identifying products, services, operating systems, and hardware by matching fingerprints against network probes.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
Official repository of YARA rules for threat detection and hunting
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
Curated datasets for developing and testing detections in SIEM installations.
ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.
A repository of YARA rules for identifying and classifying malware through pattern-based detection.
YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.
TrailBlazer analyzes AWS CloudTrail logging behavior by systematically testing API calls across services to determine what gets logged and how it appears in CloudTrail.
A simple maturity model for enterprise detection and response
A free and open-source OSINT framework for gathering and analyzing data from various sources
A powerful OSINT tool for creating custom templates for data extraction and analysis
Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.
Common questions security professionals ask when evaluating alternatives and competitors to detections.ai Detections.
The most popular alternatives to detections.ai Detections include TruKno, SOC Prime Threat Detection Marketplace, Cybereason Threat Hunting, Gambit KnightGuard for Threat Hunting & Detection, and Cyborg Security HUNTER. These Threat Hunting tools offer similar capabilities and are frequently compared by security professionals evaluating their options.
