Security Operations
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
Browse 2,055 security operations tools
FEATURED
RELATED TASKS
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
Python module for fast packet parsing with TCP/IP protocol definitions.
Python module for fast packet parsing with TCP/IP protocol definitions.
An annual jeopardy-style capture-the-flag contest with challenges related to cybersecurity.
An annual jeopardy-style capture-the-flag contest with challenges related to cybersecurity.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
A Python-based engine for automatic creation of timelines in digital forensic analysis
A Python-based engine for automatic creation of timelines in digital forensic analysis
A collection of YARA rules for research and hunting purposes.
Documentation project for Digital Forensics Artifact Repository
Documentation project for Digital Forensics Artifact Repository
A set of interrelated detection rules for improving detection and hunting visibility and context
A set of interrelated detection rules for improving detection and hunting visibility and context
A Python web application that provides statistical analysis and visualization for Glastopf honeypot data by connecting to the honeypot's SQLite database.
A Python web application that provides statistical analysis and visualization for Glastopf honeypot data by connecting to the honeypot's SQLite database.
SMTP Honeypot with custom modules for different modes of operation.
A Python-based honeypot service for SSH, FTP, and Telnet connections
A Python-based honeypot service for SSH, FTP, and Telnet connections
LaBrea is a 'sticky' honeypot and IDS tool that traps malicious actors by creating virtual servers on unused IP addresses.
LaBrea is a 'sticky' honeypot and IDS tool that traps malicious actors by creating virtual servers on unused IP addresses.
A tool for exploiting SSRF and gaining RCE in various servers
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
DECAF++ is a fast whole-system dynamic taint analysis framework with improved performance and elasticity.
DECAF++ is a fast whole-system dynamic taint analysis framework with improved performance and elasticity.
A lightweight CTF platform inspired by motherfuckingwebsite.com that provides simple hosting capabilities for cybersecurity competitions with equal-point scoring and minimal setup requirements.
A lightweight CTF platform inspired by motherfuckingwebsite.com that provides simple hosting capabilities for cybersecurity competitions with equal-point scoring and minimal setup requirements.
Scan files or process memory for Cobalt Strike beacons and parse their configuration.
Scan files or process memory for Cobalt Strike beacons and parse their configuration.
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
A Live CD and Live USB for penetration testing and security assessment
A Live CD and Live USB for penetration testing and security assessment
Security Operations Tools - FAQ
Common questions about Security Operations tools including selection guides, pricing, and comparisons.
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
