Security Operations
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
Browse 2,055 security operations tools
FEATURED
RELATED TASKS
Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.
Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
A tool to profile web applications based on response time discrepancies.
A tool to profile web applications based on response time discrepancies.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
SOAR platform for orchestrating security products and automating SOC workflows
SOAR platform for orchestrating security products and automating SOC workflows
YARA extension for Visual Studio Code with code completion and snippets
YARA extension for Visual Studio Code with code completion and snippets
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.
Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.
Automated digital image forensics tool
A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.
A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
3GL is a high-level programming language with a focus on ASM for 6502.
yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
A list of Windows privilege escalation techniques, categorized and explained in detail.
A list of Windows privilege escalation techniques, categorized and explained in detail.
Non-profit organization supporting the advancement of open source software.
Non-profit organization supporting the advancement of open source software.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential damages.
A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential damages.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
Tool for setting up Glutton, a cybersecurity tool for monitoring SSH traffic.
Tool for setting up Glutton, a cybersecurity tool for monitoring SSH traffic.
Security Operations Tools - FAQ
Common questions about Security Operations tools including selection guides, pricing, and comparisons.
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
