Threat Management Tools
Threat management tools for threat intelligence, advanced persistent threat detection, and cyber threat analysis.
Browse 450 threat management tools
FEATURED
USE CASES
Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.
ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.
A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.
CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.
Bearded Avenger is a cybersecurity tool with various integrations and deployment instructions available.
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
Open Source Threat Intelligence Gathering and Processing Framework
GCTI's open-source detection signatures for malware and threat detection
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
A library of adversary emulation plans to evaluate defensive capabilities against real-world threats.
Cyber Intelligence Management Platform with threat tracking, forensic artifacts, and YARA rule storage.
A tool to extract indicators of compromise from security reports in PDF format.
A utility to generate malicious network traffic for security evaluation.
AbuseHelper is an open-source framework for receiving and redistributing abuse feeds and threat intel.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
API for querying domain security information, categorization, and related data.
Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.
Hippocampe is a threat feed aggregator with configurable confidence levels and a Hipposcore for determining maliciousness.
YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.
A daily collection of IOCs from various sources, including articles and tweets.
Taxii2 server for interacting with taxii services.
Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.
A visualization tool for threat analysis that organizes APT campaign information and visualizes relations of IOC.
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
Threat Management Specializations
450 tools across 4 specializations · 174 free, 276 commercial
Advanced Persistent Threat Detection
APT detection tools that identify sophisticated, long-term cyber attacks and advanced persistent threat campaigns.
Threat Intelligence Platforms
TIP for collecting, analyzing, and sharing cyber threat data, indicators of compromise (IOCs), and threat feeds.
Threat Modeling
Threat modeling tools for identifying security risks, attack vectors, and potential threats in system architectures.
Threat Management Tools FAQ
Common questions about Threat Management tools, selection guides, pricing, and comparisons.
A TIP aggregates threat data from multiple sources (commercial feeds, open-source, ISACs, internal telemetry), normalizes it into structured formats (STIX/TAXII), and distributes indicators of compromise (IOCs) to your security tools. You need a TIP if you consume multiple threat feeds, want to correlate external intelligence with internal incidents, or need to share intelligence with peers and ISACs.
Penetration testing is a point-in-time assessment where human testers attempt to find and exploit vulnerabilities. Threat simulation (breach and attack simulation) continuously and automatically tests your security controls against known attack techniques mapped to MITRE ATT&CK. Pen testing finds novel vulnerabilities; threat simulation validates that your defenses work against known attacks on an ongoing basis.
Threat modeling identifies potential security threats during the design phase, before any code is written. By systematically analyzing data flows, trust boundaries, and attack surfaces, teams can prioritize which threats to mitigate architecturally rather than patching vulnerabilities after deployment. Common frameworks include STRIDE, PASTA, and attack trees.
