Best Red Canary Threat Intelligence Alternatives & Competitors in 2026

Sesame IT HOSHI

Curated attack use case platform that feeds threat scenarios into Jizô AI.

detections.ai Detections

Community platform for sharing and creating detection rules with AI

SOC Prime Threat Detection Marketplace

Threat detection marketplace with Sigma rules for SIEM and shift-left detection

Defender Lens

Turn Any Threat into a Detection Rule

Spectrum

Early-access threat detection platform targeting static & manual detection gaps.

Binary Defense Threat Hunting

A managed security service that uses hypothesis-based threat hunting to proactively discover hidden threats, create new detection rules, and improve overall security posture.

LogCraft Detection Engineering

Detection-as-code platform for managing detection rules across SIEM/EDR/XDR

Axur AI-Powered Cyber Threat Intelligence

AI-powered cyber threat intelligence platform with real-time monitoring

Cotool

AI agent platform for SecOps automation, detection tuning, and threat hunting

Cythereal MAGIC EWS

Analyzes stopped attacks to auto-generate YARA rules and IoCs against APTs.

Query.AI Federated Detections

Runs security detections across distributed data sources without SIEM ingestion.

Rilevera

AI platform for continuous detection rule validation, optimization & governance.

Anvilogic AI SOC

AI-powered SOC platform for detection engineering across SIEMs & data lakes

Sigma Query

Searchable repository of Sigma detection rules for threat hunting and SIEM

SOC Prime Uncoder AI

IDE for detection engineering with cross-platform translation for 65+ SIEM/EDR/XDR

AttackRuleMap

A mapping tool that correlates MITRE ATT&CK techniques with atomic tests

The Threat Hunter Playbook

A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.

Malware Signatures Overview

A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.

CardinalOps Threat-Informed Detection Engineering

AI-powered platform that automates detection engineering to expand SIEM & EDR coverage.

Fig Security Operations Resilience

SOC resilience platform detecting & repairing drift in detection rules and pipelines.

Google Security Operations

Cloud-native SIEM, SOAR, and threat intel platform for SecOps teams

Hunters Next-Gen SIEM

Next-gen SIEM with AI-powered triage, automated investigation & detection

aDolus FACT - Malware Detection

FACT detects malware & ransomware in packages using AV scans & YARA rules.

Tenzir TQL

Security data pipeline platform with a query language for log normalization and

Sublime Security Sublime Rules

Open-source detection rules for email attacks like BEC, phishing, and malware

InQuest Labs

The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.

CrowdFMS

CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.

CDI_yara

A collection of YARA rules for public use, built from intelligence profiles and file work.

Canadian Centre for Cyber Security CCCS YARA Specification

Define and validate YARA rule metadata with CCCS YARA Specification.

YaraDbg

A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.

yara-rust

Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.

ThreatKB

Knowledge base workflow management dashboard for YARA rules and C2 artifacts.

KLara

KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.

Signature-Base

YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.

Project Icewater

A project providing open-source YARA rules for malware and malicious file detection

Yara Rule Generator

A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.

Yara Rules Project

A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.

YLS Language Server for YARA Language

YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.

Private Yara Rules Repository

A repository of freely usable Yara rules for detection systems, with automated error detection workflows.

GCTI Open Source Detection Signatures

GCTI's open-source detection signatures for malware and threat detection

Shotgunyara

A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.

YARA Rules Collection

Collection of YARA signatures from recent malware research.

Detection Content Repository

Repository for detection content with various types of rules and payloads.

Detection Rules

Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.

Dorothy

Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.

EQL Analytics Library

A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.

Malware Indicators of Compromise

Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.

event-generator

A testing tool that generates suspect actions to validate and test Falco runtime security monitoring rulesets.