Security Operations
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
Explore 1726 curated cybersecurity tools, with 15,161 visitors searching for solutions
FEATURED
RELATED TASKS
An observation camera honeypot for proof-of-concept purposes
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A simple SSH honeypot written in Golang with a Persian-inspired name.
A tool for extracting files from network traffic based on file signatures with support for various file formats and scalable search algorithm.
A tool for extracting files from network traffic based on file signatures with support for various file formats and scalable search algorithm.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
A community-led project focused on standardizing security event logs.
A community-led project focused on standardizing security event logs.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.
Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.
Exploiting a vulnerability in HID iClass system to retrieve master authentication key for cloning cards and changing reader settings.
Exploiting a vulnerability in HID iClass system to retrieve master authentication key for cloning cards and changing reader settings.
A backend agnostic debugger frontend for debugging binaries without source code access.
A backend agnostic debugger frontend for debugging binaries without source code access.
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
A security framework for process isolation and sandboxing based on capability-based security principles.
A security framework for process isolation and sandboxing based on capability-based security principles.
A console program for file recovery through data carving.
A console program for file recovery through data carving.
A Python script for scanning data within an IDB using Yara
A Python script for scanning data within an IDB using Yara
Accessing databases stored on a machine by the Chrome browser and dumping URLs found.
Accessing databases stored on a machine by the Chrome browser and dumping URLs found.
Python 3 tool for parsing Yara rules with ongoing development.
Python 3 tool for parsing Yara rules with ongoing development.
cowrie2neo parses Cowrie honeypot logs and imports the data into Neo4j databases for graph-based analysis and visualization of honeypot interactions.
cowrie2neo parses Cowrie honeypot logs and imports the data into Neo4j databases for graph-based analysis and visualization of honeypot interactions.
Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.
Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.
A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.
A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.
Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.
Security Operations Tools - FAQ
Common questions about Security Operations tools including selection guides, pricing, and comparisons.
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
