Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
Browse 2,055 security operations tools
A Splunk app mapped to MITRE ATT&CK to guide threat hunts.
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
TANNER is a remote data analysis service that evaluates HTTP requests and generates responses for SNARE honeypots while emulating application vulnerabilities.
A tool for creating custom detection rules from YAML input
Binwalk is a firmware analysis tool that enables reverse engineering and extraction of embedded file systems and archives from firmware images.
A command-line forensics tool for tracking and analyzing USB device artifacts and connection history on Linux systems.
Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
Hived is a honeypot tool for deceiving attackers and gathering information.
Repository for detection content with various types of rules and payloads.
Low interaction MySQL honeypot with various configuration options.
A tool for interacting with Exchange servers remotely and exploiting client-side Outlook features.
Alpha release of External C2 framework for Cobalt Strike with enhanced data channels.
Advanced computer forensics software with efficient features.
Data exfiltration & infiltration tool using text-based steganography to evade security controls.
ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.
Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.
Medium interaction SSH honeypot for logging brute force attacks and shell interactions.
BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.
Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
GasPot is a honeypot simulation tool for Gas Station tanks in the oil and gas industry.
A set of Go-based emulators for testing network security and analyzing network traffic.
Common questions about Security Operations tools including selection guides, pricing, and comparisons.
Fix-first AppSec powered by agentic remediation, covering SCA, SAST & secrets.
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
Fractional CISO services for B2B companies to build security programs
Real-time OSINT monitoring for leaked credentials, data, and infrastructure
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
AI security assurance platform for red-teaming, guardrails & compliance