Security Operations
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
Browse 2,060 security operations tools
FEATURED
RELATED TASKS
A tool for sorting YARA rules based on metadata.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
MockSSH is a testing tool that emulates operating systems behind SSH servers to enable automation testing without requiring access to real servers.
MockSSH is a testing tool that emulates operating systems behind SSH servers to enable automation testing without requiring access to real servers.
Port listener / honeypot in Rust with protocol guessing, safe string display and rudimentary SQLite logging.
Port listener / honeypot in Rust with protocol guessing, safe string display and rudimentary SQLite logging.
A library for working with Windows NT data types, providing access and manipulation functions.
A library for working with Windows NT data types, providing access and manipulation functions.
A modular web application honeypot framework with automation and logging capabilities.
A modular web application honeypot framework with automation and logging capabilities.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.
SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
Binary analysis and management framework for organizing malware and exploit samples.
Binary analysis and management framework for organizing malware and exploit samples.
An extensible network forensic analysis framework with deep packet analysis and plugin support.
An extensible network forensic analysis framework with deep packet analysis and plugin support.
A low-interaction honeypot for detecting and analyzing security threats
A low-interaction honeypot for detecting and analyzing security threats
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
Repository of YARA rules for Trellix ATR blogposts and investigations
Repository of YARA rules for Trellix ATR blogposts and investigations
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
A command-line tool for managing and analyzing Microsoft Forefront TMG and UAG configurations.
A command-line tool for managing and analyzing Microsoft Forefront TMG and UAG configurations.
Incident Response Documentation tool for tracking findings and tasks.
Incident Response Documentation tool for tracking findings and tasks.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.
Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.
Detect signed malware and track stolen code-signing certificates using osquery.
Detect signed malware and track stolen code-signing certificates using osquery.
Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.
Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.
Security Operations Tools - FAQ
Common questions about Security Operations tools including selection guides, pricing, and comparisons.
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
