Threat Management Tools
Threat management tools for threat intelligence, advanced persistent threat detection, and cyber threat analysis.
Browse 450 threat management tools
FEATURED
USE CASES
OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.
A Django web interface for managing Yara rules with features like search, categorization, and bulk edits.
APT Simulator is a tool for simulating a compromised system on Windows.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.
Knowledge base workflow management dashboard for YARA rules and C2 artifacts.
An extendable tool to extract and aggregate IOCs from threat feeds, integrates with ThreatKB and MISP.
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data.
A robust Python implementation of TAXII Services with a friendly pythonic API.
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
A collection of APT and cybercriminals campaigns with various resources and references.
A PowerShell script to interact with the MITRE ATT&CK Framework via its own API using the deprecated MediaWiki API.
n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.
MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.
AbuseIPDB offers tools and APIs to report and check abusive IPs, enhancing network security.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
A database of Tor exit nodes with their corresponding IP addresses and timestamps.
Threat intelligence platform providing real-time threat data and insights.
IP intelligence, geolocation, proxy detection, and fraud prevention service
The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
Threat Management Specializations
450 tools across 4 specializations · 174 free, 276 commercial
Advanced Persistent Threat Detection
APT detection tools that identify sophisticated, long-term cyber attacks and advanced persistent threat campaigns.
Threat Intelligence Platforms
TIP for collecting, analyzing, and sharing cyber threat data, indicators of compromise (IOCs), and threat feeds.
Threat Modeling
Threat modeling tools for identifying security risks, attack vectors, and potential threats in system architectures.
Threat Management Tools FAQ
Common questions about Threat Management tools, selection guides, pricing, and comparisons.
A TIP aggregates threat data from multiple sources (commercial feeds, open-source, ISACs, internal telemetry), normalizes it into structured formats (STIX/TAXII), and distributes indicators of compromise (IOCs) to your security tools. You need a TIP if you consume multiple threat feeds, want to correlate external intelligence with internal incidents, or need to share intelligence with peers and ISACs.
Penetration testing is a point-in-time assessment where human testers attempt to find and exploit vulnerabilities. Threat simulation (breach and attack simulation) continuously and automatically tests your security controls against known attack techniques mapped to MITRE ATT&CK. Pen testing finds novel vulnerabilities; threat simulation validates that your defenses work against known attacks on an ongoing basis.
Threat modeling identifies potential security threats during the design phase, before any code is written. By systematically analyzing data flows, trust boundaries, and attack surfaces, teams can prioritize which threats to mitigate architecturally rather than patching vulnerabilities after deployment. Common frameworks include STRIDE, PASTA, and attack trees.
Yes. Out of 24 threat management tools listed on CybersecTools, 23 are free and 1 are commercial. Free tools work well for small teams, testing, and budget-conscious organizations. Commercial tools typically add enterprise features, dedicated support, and SLA guarantees.
