Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
Browse 2,166 security operations tools
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
Repository of YARA rules for Trellix ATR blogposts and investigations
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
A command-line tool for managing and analyzing Microsoft Forefront TMG and UAG configurations.
Incident Response Documentation tool for tracking findings and tasks.
Blazingly fast YARA queries for malware analysts with an analyst-friendly web GUI.
Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.
Detect signed malware and track stolen code-signing certificates using osquery.
Revelo is an experimental JavaScript deobfuscator tool with features to analyze and deobfuscate JavaScript code.
A serverless SOAR framework for AWS GuardDuty that automatically executes configurable response actions based on security findings and threat severity.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
libevt is a library to access and parse Windows Event Log (EVT) files.
A unified repository for different Metasploit Framework payloads.
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
ILSpy is the open-source .NET assembly browser and decompiler with various decompiler frontends and features.
Extracts resources (bitmaps, icons, cursors, AVI movies, HTML files, and more) from DLL files.
A honeypot tool that simulates an open relay to capture and analyze spam
A tool for processing compiled YARA rules in IDA.
A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.
A free, fast, and flexible multi-platform IOC and YARA scanner for Windows, Linux, and macOS.
A proof of concept for using the SSM Agent in Fargate for incident response
A tool for tracking, scanning, and filtering YARA files with distributed scanning capabilities.
Honeypot for Telnet service with configurable settings.
Common questions about Security Operations tools including selection guides, pricing, and comparisons.
Fix-first AppSec powered by agentic remediation, covering SCA, SAST & secrets.
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
Fractional CISO services for B2B companies to build security programs
Real-time OSINT monitoring for leaked credentials, data, and infrastructure
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
AI security assurance platform for red-teaming, guardrails & compliance