Threat management tools for threat intelligence, advanced persistent threat detection, and cyber threat analysis.
Browse 450 threat management tools
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A program to extract IOCs from text files using regular expressions.
A tool for extracting IOCs from various input sources and converting them into JSON format.
A tool for extracting common indicators of compromise from a block of text.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.
A modular malware collection and processing framework with support for various threat intelligence feeds.
Public access to Indicators of Compromise (IoCs) and other data for readers of Security Scorecard's technical blog posts and reports.
A method for profiling SSL/TLS Clients with easy-to-produce client fingerprints.
A Pythonic interface to the Internet Storm Center / DShield API.
Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
Forager is a threat intelligence tool that simplifies the retrieval, storage, and maintenance of threat data with a user-friendly interface and support for various data sources.
Python APIs for serializing and de-serializing STIX2 JSON content with higher-level APIs for common tasks.
SeaSponge is an accessible web-based threat modeling tool with a focus on accessibility, aesthetics, and intuitive user experience.
A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.
Gathers Threat Intelligence Feeds from publicly available sources and provides detailed output in CSV format.
Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.
450 tools across 4 specializations · 174 free, 276 commercial
Advanced Persistent Threat Detection
APT detection tools that identify sophisticated, long-term cyber attacks and advanced persistent threat campaigns.
Threat Intelligence Platforms
Threat intelligence platforms (TIPs) for collecting, analyzing, and sharing cyber threat data, indicators of compromise (IOCs), and threat feeds.
Threat Modeling
Threat modeling tools for identifying security risks, attack vectors, and potential threats in system architectures.
Common questions about Threat Management tools, selection guides, pricing, and comparisons.
A TIP aggregates threat data from multiple sources (commercial feeds, open-source, ISACs, internal telemetry), normalizes it into structured formats (STIX/TAXII), and distributes indicators of compromise (IOCs) to your security tools. You need a TIP if you consume multiple threat feeds, want to correlate external intelligence with internal incidents, or need to share intelligence with peers and ISACs.
Penetration testing is a point-in-time assessment where human testers attempt to find and exploit vulnerabilities. Threat simulation (breach and attack simulation) continuously and automatically tests your security controls against known attack techniques mapped to MITRE ATT&CK. Pen testing finds novel vulnerabilities; threat simulation validates that your defenses work against known attacks on an ongoing basis.
Threat modeling identifies potential security threats during the design phase, before any code is written. By systematically analyzing data flows, trust boundaries, and attack surfaces, teams can prioritize which threats to mitigate architecturally rather than patching vulnerabilities after deployment. Common frameworks include STRIDE, PASTA, and attack trees.
Threat Simulation
Threat simulation platforms for testing security controls, validating defenses, and simulating real-world cyber attacks.