Security Operations
Explore 139 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Endian Network is a centralized management platform for lifecycle management, updates, and monitoring of Endian security devices and infrastructure across IT and OT environments.
Endian Network is a centralized management platform for lifecycle management, updates, and monitoring of Endian security devices and infrastructure across IT and OT environments.
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
Swimlane Turbine is a cloud-native security hyperautomation platform that uses AI to automate security operations workflows, integrate disparate security tools, and enhance incident response capabilities.
Swimlane Turbine is a cloud-native security hyperautomation platform that uses AI to automate security operations workflows, integrate disparate security tools, and enhance incident response capabilities.
Hoxhunt is a human risk management platform that combines adaptive phishing simulations, security awareness training, and automated security operations to reduce organizational cyber risk through employee behavior change.
Hoxhunt is a human risk management platform that combines adaptive phishing simulations, security awareness training, and automated security operations to reduce organizational cyber risk through employee behavior change.
A network detection and response platform that uses machine learning to analyze network metadata for threat detection without requiring hardware sensors or being affected by encryption.
A network detection and response platform that uses machine learning to analyze network metadata for threat detection without requiring hardware sensors or being affected by encryption.
A virtual CISO service that combines a security and compliance automation platform with expert support to provide organizations with cybersecurity leadership and operational capabilities.
A virtual CISO service that combines a security and compliance automation platform with expert support to provide organizations with cybersecurity leadership and operational capabilities.
Infoblox Threat Defense is a DNS-layer security solution that detects and blocks threats across hybrid and multi-cloud environments by monitoring DNS traffic and leveraging threat intelligence.
Infoblox Threat Defense is a DNS-layer security solution that detects and blocks threats across hybrid and multi-cloud environments by monitoring DNS traffic and leveraging threat intelligence.
A web isolation platform that enables secure, anonymous digital investigations across the surface, deep, and dark web while protecting users from malware and preventing identity exposure.
A web isolation platform that enables secure, anonymous digital investigations across the surface, deep, and dark web while protecting users from malware and preventing identity exposure.
A cyber threat intelligence platform that provides actionable insights from adversarial sources to help organizations proactively detect and mitigate emerging threats.
A cyber threat intelligence platform that provides actionable insights from adversarial sources to help organizations proactively detect and mitigate emerging threats.
FortiRecon is a SaaS-based Continuous Threat Exposure Management service that combines Attack Surface Management, Brand Protection, and Adversary Centric Intelligence to provide visibility into internal and external risks for early threat detection and response.
FortiRecon is a SaaS-based Continuous Threat Exposure Management service that combines Attack Surface Management, Brand Protection, and Adversary Centric Intelligence to provide visibility into internal and external risks for early threat detection and response.
WithSecure Elements Cloud is a modular cybersecurity platform that combines AI-powered software and expert services to provide comprehensive protection across endpoints, identities, and cloud environments.
WithSecure Elements Cloud is a modular cybersecurity platform that combines AI-powered software and expert services to provide comprehensive protection across endpoints, identities, and cloud environments.
An enterprise cybersecurity platform that unifies endpoint, cloud, and identity security through an integrated data lake architecture with AI-powered analysis capabilities.
An enterprise cybersecurity platform that unifies endpoint, cloud, and identity security through an integrated data lake architecture with AI-powered analysis capabilities.
A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.
A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
A centralized management console for efficiently operating and monitoring large-scale, multitenant Logpoint SIEM deployments across customers, geographies, and organizational divisions.
A centralized management console for efficiently operating and monitoring large-scale, multitenant Logpoint SIEM deployments across customers, geographies, and organizational divisions.
A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.
A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.
A security information and event management solution that collects, normalizes, and analyzes log data from across an organization's infrastructure to enhance threat detection and compliance reporting.
A security information and event management solution that collects, normalizes, and analyzes log data from across an organization's infrastructure to enhance threat detection and compliance reporting.
An investigative analytics platform that uses machine learning to fuse and analyze data from multiple sources, enabling security organizations to extract insights and identify patterns for threat prevention and complex investigations.
An investigative analytics platform that uses machine learning to fuse and analyze data from multiple sources, enabling security organizations to extract insights and identify patterns for threat prevention and complex investigations.
A network detection and response platform that combines AI-driven behavioral analytics with collaborative threat intelligence sharing across organizations to provide early warning of cyber attacks.
A network detection and response platform that combines AI-driven behavioral analytics with collaborative threat intelligence sharing across organizations to provide early warning of cyber attacks.
A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.
A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
BitLyft AIR Platform is a managed detection and response solution that combines AI-driven security monitoring with human expertise to provide comprehensive threat detection and incident response services.
BitLyft AIR Platform is a managed detection and response solution that combines AI-driven security monitoring with human expertise to provide comprehensive threat detection and incident response services.
PlexTrac is a centralized platform for penetration test reporting and threat exposure management that helps security teams streamline assessment workflows, prioritize remediation, and track security posture improvements.
PlexTrac is a centralized platform for penetration test reporting and threat exposure management that helps security teams streamline assessment workflows, prioritize remediation, and track security posture improvements.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
InSights by InQuest is a threat intelligence platform that delivers curated feeds of IOCs and C2 information to help security teams detect and respond to emerging threats.
InSights by InQuest is a threat intelligence platform that delivers curated feeds of IOCs and C2 information to help security teams detect and respond to emerging threats.
A threat exposure management platform that monitors clear and dark web environments to detect and provide actionable intelligence on potential security threats like data leaks, credentials, and malicious actor activities.
A threat exposure management platform that monitors clear and dark web environments to detect and provide actionable intelligence on potential security threats like data leaks, credentials, and malicious actor activities.
A GenAI-powered security platform that integrates endpoint, email, network, data, cloud, and security operations capabilities for comprehensive threat detection and response.
A GenAI-powered security platform that integrates endpoint, email, network, data, cloud, and security operations capabilities for comprehensive threat detection and response.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
A threat intelligence platform that collects, analyzes, and operationalizes threat data from multiple sources to help organizations identify and respond to security threats.
A threat intelligence platform that collects, analyzes, and operationalizes threat data from multiple sources to help organizations identify and respond to security threats.
A pentest management platform that automates reporting workflows, provides client collaboration tools, and streamlines the entire penetration testing lifecycle from scoping to remediation.
A pentest management platform that automates reporting workflows, provides client collaboration tools, and streamlines the entire penetration testing lifecycle from scoping to remediation.
A remediation operations platform that streamlines vulnerability management by connecting security findings to fixing teams through automated workflows.
A remediation operations platform that streamlines vulnerability management by connecting security findings to fixing teams through automated workflows.
A threat exposure management platform that unifies security operations by discovering assets, prioritizing vulnerabilities based on risk, and providing guided remediation across an organization's attack surface.
A threat exposure management platform that unifies security operations by discovering assets, prioritizing vulnerabilities based on risk, and providing guided remediation across an organization's attack surface.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
JustGuard is a cybersecurity platform that detects and takes down phishing attacks before they can harm businesses or their customers.
JustGuard is a cybersecurity platform that detects and takes down phishing attacks before they can harm businesses or their customers.
A human risk management platform that identifies, assesses, and mitigates security risks associated with employee behavior through monitoring, targeted interventions, and comprehensive reporting.
A human risk management platform that identifies, assesses, and mitigates security risks associated with employee behavior through monitoring, targeted interventions, and comprehensive reporting.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
A threat intelligence service providing actionable IoCs and security data feeds to help organizations detect, block, and respond to cyber threats.
A threat intelligence service providing actionable IoCs and security data feeds to help organizations detect, block, and respond to cyber threats.
ASPIA InfoTech offers a unified platform for enterprise security workflow automation with solutions spanning application security, vulnerability management, GRC, and security incident management.
ASPIA InfoTech offers a unified platform for enterprise security workflow automation with solutions spanning application security, vulnerability management, GRC, and security incident management.
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
FortiMail is an email security solution that protects organizations against phishing, ransomware, zero-day attacks, and business email compromise through multi-layered detection and prevention capabilities.
FortiMail is an email security solution that protects organizations against phishing, ransomware, zero-day attacks, and business email compromise through multi-layered detection and prevention capabilities.
A security solution that monitors, detects, and responds to insider threats by providing visibility into user activities across endpoints, email, and cloud to prevent data loss from careless, compromised, or malicious insiders.
A security solution that monitors, detects, and responds to insider threats by providing visibility into user activities across endpoints, email, and cloud to prevent data loss from careless, compromised, or malicious insiders.
A threat intelligence platform that provides comprehensive visibility into an organization's attack surface by collecting, analyzing, and structuring threat data to enable proactive security measures against emerging threats.
A threat intelligence platform that provides comprehensive visibility into an organization's attack surface by collecting, analyzing, and structuring threat data to enable proactive security measures against emerging threats.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
A centralized vulnerability lifecycle management platform that tracks security issues from discovery to closure with real-time status updates.
A centralized vulnerability lifecycle management platform that tracks security issues from discovery to closure with real-time status updates.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
An AI-powered SOC automation platform that performs autonomous alert triage, investigation, and incident response while augmenting human analyst capabilities.
An AI-powered SOC automation platform that performs autonomous alert triage, investigation, and incident response while augmenting human analyst capabilities.
A cybersecurity and privacy playbook management platform that enables teams to create, store, share, and implement standardized security procedures through a no-code interface.
A cybersecurity and privacy playbook management platform that enables teams to create, store, share, and implement standardized security procedures through a no-code interface.
A data curation platform that automates security data collection, transformation and routing while reducing data volume and infrastructure costs.
A data curation platform that automates security data collection, transformation and routing while reducing data volume and infrastructure costs.
An AI-driven security automation platform that uses specialized agents to assist security teams in SOC operations, GRC, and threat hunting tasks.
An AI-driven security automation platform that uses specialized agents to assist security teams in SOC operations, GRC, and threat hunting tasks.
An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.
An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.
A remediation orchestration platform that consolidates security alerts, automates triage, and streamlines the remediation process across hybrid environments.
A remediation orchestration platform that consolidates security alerts, automates triage, and streamlines the remediation process across hybrid environments.
A vulnerability remediation platform that consolidates security findings, prioritizes risks using AI, and automates remediation workflows across cloud and application environments.
A vulnerability remediation platform that consolidates security findings, prioritizes risks using AI, and automates remediation workflows across cloud and application environments.
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.
AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.
CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.
Dropzone AI is an autonomous AI agent for SOCs that performs end-to-end investigations of security alerts, integrating with existing cybersecurity tools and data sources.
Dropzone AI is an autonomous AI agent for SOCs that performs end-to-end investigations of security alerts, integrating with existing cybersecurity tools and data sources.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
LogRhythm SIEM is a comprehensive security information and event management platform that collects, analyzes, and responds to security events across an organization's IT infrastructure.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Exabeam Security Operations Platform is a cloud-native security platform that applies AI and automation to security operations workflows for threat detection, investigation, and response.
Anomali is an AI-Powered Security Operations Platform that delivers speed, scale, and performance at a reduced cost, combining ETL, SIEM, XDR, SOAR, and TIP to detect, investigate, respond, and remediate threats.
Anomali is an AI-Powered Security Operations Platform that delivers speed, scale, and performance at a reduced cost, combining ETL, SIEM, XDR, SOAR, and TIP to detect, investigate, respond, and remediate threats.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
CrowdStrike Charlotte AI is a conversational AI assistant that accelerates security operations by automating tasks and providing faster intelligence through generative AI capabilities.
CrowdStrike Charlotte AI is a conversational AI assistant that accelerates security operations by automating tasks and providing faster intelligence through generative AI capabilities.
FortiAI is an AI assistant that uses generative AI combined with Fortinet's security expertise to guide analysts through threat investigation, response automation, and complex SecOps workflows.
FortiAI is an AI assistant that uses generative AI combined with Fortinet's security expertise to guide analysts through threat investigation, response automation, and complex SecOps workflows.
Infinity Platform / Infinity AI is an AI-powered threat intelligence and generative AI service that combines AI-powered threat intelligence with generative AI capabilities for comprehensive threat prevention, automated threat response, and efficient security administration.
Infinity Platform / Infinity AI is an AI-powered threat intelligence and generative AI service that combines AI-powered threat intelligence with generative AI capabilities for comprehensive threat prevention, automated threat response, and efficient security administration.
Microsoft Defender for Endpoint is a comprehensive endpoint security solution that provides industry-leading, multi-platform detection and response capabilities.
Microsoft Defender for Endpoint is a comprehensive endpoint security solution that provides industry-leading, multi-platform detection and response capabilities.
A CLI program that simplifies cybersecurity solution management through automated deployment, configuration, monitoring, and lifecycle operations across multiple hosts.
A CLI program that simplifies cybersecurity solution management through automated deployment, configuration, monitoring, and lifecycle operations across multiple hosts.
A Splunk application that processes honeypot data from hpfeeds channels to generate clustered meta-events and visualizations for security analysis.
A Splunk application that processes honeypot data from hpfeeds channels to generate clustered meta-events and visualizations for security analysis.
Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.
Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.
A general cybersecurity news site providing discussions and news on various cybersecurity topics.
A general cybersecurity news site providing discussions and news on various cybersecurity topics.
A panic button application that triggers coordinated emergency responses across multiple connected security applications and systems.
A panic button application that triggers coordinated emergency responses across multiple connected security applications and systems.
Tenzir is a data pipeline solution that provides security data management capabilities through pipelines, nodes, and a centralized platform for analytics and detection operations.
Tenzir is a data pipeline solution that provides security data management capabilities through pipelines, nodes, and a centralized platform for analytics and detection operations.
SALO is a framework that generates synthetic log events for security testing and research without requiring actual infrastructure or triggering real events.
SALO is a framework that generates synthetic log events for security testing and research without requiring actual infrastructure or triggering real events.
Automate security incident handling and facilitate real-time activities of incident handlers.
Automate security incident handling and facilitate real-time activities of incident handlers.
An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.
An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
SCOT is a cybersecurity incident tracking and management platform that enables security operations centers to document, analyze, and coordinate responses to security events through collaborative workflows.
SCOT is a cybersecurity incident tracking and management platform that enables security operations centers to document, analyze, and coordinate responses to security events through collaborative workflows.
A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.
A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.
A command-line tool that secures shell command history by clearing sensitive commands, displaying command summaries, and providing stash functionality for presentations across multiple shell environments.
A command-line tool that secures shell command history by clearing sensitive commands, displaying command summaries, and providing stash functionality for presentations across multiple shell environments.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
A Docker container that bundles preinstalled AWS security tools for streamlined security operations and assessments in AWS environments.
A Docker container that bundles preinstalled AWS security tools for streamlined security operations and assessments in AWS environments.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
Adversary emulation framework for testing security measures in network environments.
Adversary emulation framework for testing security measures in network environments.
Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.
Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.
A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.
A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.
FortiEDR is an automated endpoint security solution that integrates with the Fortinet Security Fabric and third-party solutions to reduce MTTR and provide real-time breach detection and response.
FortiEDR is an automated endpoint security solution that integrates with the Fortinet Security Fabric and third-party solutions to reduce MTTR and provide real-time breach detection and response.
Sample detection rules and dashboards for Google Security Operations
Sample detection rules and dashboards for Google Security Operations
Symantec Enterprise Cloud provides comprehensive cybersecurity for large enterprises, with a focus on data-centric hybrid security and innovation in threat and data protection.
Symantec Enterprise Cloud provides comprehensive cybersecurity for large enterprises, with a focus on data-centric hybrid security and innovation in threat and data protection.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
A framework for improving detection strategies and alert efficacy.
A framework for improving detection strategies and alert efficacy.
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
Free online ethical hacking course covering penetration testing, web app assessments, exploit development, and security operations.
Free online ethical hacking course covering penetration testing, web app assessments, exploit development, and security operations.
A simple maturity model for enterprise detection and response
A simple maturity model for enterprise detection and response
SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.
SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.
AfterGlow Cloud is a Django-based web application that allows users to upload data and generate graph visualizations through a browser interface.
AfterGlow Cloud is a Django-based web application that allows users to upload data and generate graph visualizations through a browser interface.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.
A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.
A content repository for Cortex XSOAR that provides playbooks, automation scripts, and templates for security operations automation and orchestration.
A content repository for Cortex XSOAR that provides playbooks, automation scripts, and templates for security operations automation and orchestration.
ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.
ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.
Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.
Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.
A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.
A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.
A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.
A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
A cloud-native, event-driven data pipeline toolkit for security teams that processes and routes data across AWS services with custom formatting and API enrichment capabilities.
A cloud-native, event-driven data pipeline toolkit for security teams that processes and routes data across AWS services with custom formatting and API enrichment capabilities.
Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.
Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.
Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
A single cybersecurity platform that provides holistic security management, prevention, detection, and response capabilities powered by AI and threat intelligence, designed to simplify and converge security operations in diverse hybrid IT environments.
A single cybersecurity platform that provides holistic security management, prevention, detection, and response capabilities powered by AI and threat intelligence, designed to simplify and converge security operations in diverse hybrid IT environments.
An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.
An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.
HpfeedsHoneyGraph is a visualization application that creates graphical representations of hpfeeds logs to aid cybersecurity analysis of honeypot data.
HpfeedsHoneyGraph is a visualization application that creates graphical representations of hpfeeds logs to aid cybersecurity analysis of honeypot data.
Open Source Threat Intelligence Gathering and Processing Framework
Weave Scope is a real-time visualization and monitoring tool that automatically maps Docker container infrastructures and microservices, providing interactive topology views and direct container management capabilities.
Weave Scope is a real-time visualization and monitoring tool that automatically maps Docker container infrastructures and microservices, providing interactive topology views and direct container management capabilities.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.
A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
A multi-cloud asset enumeration tool that helps blue teams centralize and inventory assets across multiple cloud providers with minimal configuration.
A multi-cloud asset enumeration tool that helps blue teams centralize and inventory assets across multiple cloud providers with minimal configuration.
A repository of public applications for the Shuffle security orchestration platform that enables automated security workflows and integrations.
A repository of public applications for the Shuffle security orchestration platform that enables automated security workflows and integrations.
A repository of sample security playbooks with ARM templates for Microsoft Sentinel that enable automated security orchestration and response capabilities.
A repository of sample security playbooks with ARM templates for Microsoft Sentinel that enable automated security orchestration and response capabilities.
PlumHound is a reporting engine that converts BloodHoundAD's Neo4J queries into operational security reports for analyzing Active Directory vulnerabilities and attack paths.
PlumHound is a reporting engine that converts BloodHoundAD's Neo4J queries into operational security reports for analyzing Active Directory vulnerabilities and attack paths.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
A testing tool that generates suspect actions to validate and test Falco runtime security monitoring rulesets.
A testing tool that generates suspect actions to validate and test Falco runtime security monitoring rulesets.
Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.
Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.
A collection of detections for Panther SIEM with detailed setup instructions.
A collection of detections for Panther SIEM with detailed setup instructions.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
A serverless SOAR framework for AWS GuardDuty that automatically executes configurable response actions based on security findings and threat severity.
A serverless SOAR framework for AWS GuardDuty that automatically executes configurable response actions based on security findings and threat severity.
Template-based incident response runbooks for AWS environments following NIST guidelines to help organizations handle common cloud security incidents.
Template-based incident response runbooks for AWS environments following NIST guidelines to help organizations handle common cloud security incidents.
WALKOFF is an automation framework that provides drag-and-drop workflow creation capabilities for integrating security tools and automating repetitive tasks.
WALKOFF is an automation framework that provides drag-and-drop workflow creation capabilities for integrating security tools and automating repetitive tasks.
msticpy is a Python library for InfoSec investigation and threat hunting in Jupyter Notebooks, providing data querying, threat intelligence enrichment, analysis capabilities, and interactive visualizations.
msticpy is a Python library for InfoSec investigation and threat hunting in Jupyter Notebooks, providing data querying, threat intelligence enrichment, analysis capabilities, and interactive visualizations.