Security Operations
Tols and platforms for managing and optimizing security operations centers (SOCs).Explore 149 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.
A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A collaborative and open-source incident response platform for sharing observables among analysts.
A collaborative and open-source incident response platform for sharing observables among analysts.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.
Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.
Companion repository for deploying osquery in a production environment with tailored query packs.
Companion repository for deploying osquery in a production environment with tailored query packs.
A cloud-native, event-driven data pipeline toolkit for security teams that processes and routes data across AWS services with custom formatting and API enrichment capabilities.
A cloud-native, event-driven data pipeline toolkit for security teams that processes and routes data across AWS services with custom formatting and API enrichment capabilities.
Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.
Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.
Enhances Windows OS security through system modifications and settings adjustments.
Enhances Windows OS security through system modifications and settings adjustments.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.
Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
HpfeedsHoneyGraph is a visualization application that creates graphical representations of hpfeeds logs to aid cybersecurity analysis of honeypot data.
HpfeedsHoneyGraph is a visualization application that creates graphical representations of hpfeeds logs to aid cybersecurity analysis of honeypot data.
Repository of default playbooks and custom functions for Splunk SOAR instances with content migration to Splunk's GitHub.
Repository of default playbooks and custom functions for Splunk SOAR instances with content migration to Splunk's GitHub.
Weave Scope is a real-time visualization and monitoring tool that automatically maps Docker container infrastructures and microservices, providing interactive topology views and direct container management capabilities.
Weave Scope is a real-time visualization and monitoring tool that automatically maps Docker container infrastructures and microservices, providing interactive topology views and direct container management capabilities.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.
A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
Fast suspicious file finder for threat hunting and live forensics.
Fast suspicious file finder for threat hunting and live forensics.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.
Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.
Open-source, free, and scalable cyber threat intelligence and security incident response solution with improved performance and new features.