Security Operations
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
Browse 2,166 security operations tools
FEATURED
RELATED TASKS
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
A simple, self-contained modular host-based IOC scanner for incident responders.
A simple, self-contained modular host-based IOC scanner for incident responders.
Honey-Pod for SSH that logs username and password tries during brute-force attacks.
Honey-Pod for SSH that logs username and password tries during brute-force attacks.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.
Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.
A Python library to interface with a cuckoo-modified instance.
A Python library to interface with a cuckoo-modified instance.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
Ensnare is a Ruby on Rails gem that deploys honey traps and automated responses to detect and interfere with malicious behavior in web applications.
Ensnare is a Ruby on Rails gem that deploys honey traps and automated responses to detect and interfere with malicious behavior in web applications.
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.
MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
Pure Python implementation of Microsoft RDP protocol with various tools and support for different security layers.
Pure Python implementation of Microsoft RDP protocol with various tools and support for different security layers.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
A Go-based honeypot server for detecting and logging attacker activity
A Go-based honeypot server for detecting and logging attacker activity
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
A software that collects forensic artifacts on systems for forensic investigations.
A software that collects forensic artifacts on systems for forensic investigations.
Security Operations Tools - FAQ
Common questions about Security Operations tools including selection guides, pricing, and comparisons.
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
