Security Operations

A Splunk application that processes honeypot data from hpfeeds channels to generate clustered meta-events and visualizations for security analysis.

Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.

A general cybersecurity news site providing discussions and news on various cybersecurity topics.

A panic button application that triggers coordinated emergency responses across multiple connected security applications and systems.

Tenzir is a data pipeline solution that provides security data management capabilities through pipelines, nodes, and a centralized platform for analytics and detection operations.

SALO is a framework that generates synthetic log events for security testing and research without requiring actual infrastructure or triggering real events.

Automate security incident handling and facilitate real-time activities of incident handlers.

An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.

DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.

A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.

RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.

SCOT is a cybersecurity incident tracking and management platform that enables security operations centers to document, analyze, and coordinate responses to security events through collaborative workflows.

SOAR platform for orchestrating security products and automating SOC tasks

A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.

A command-line tool that secures shell command history by clearing sensitive commands, displaying command summaries, and providing stash functionality for presentations across multiple shell environments.

Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.

A Docker container that bundles preinstalled AWS security tools for streamlined security operations and assessments in AWS environments.

An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.

Adversary emulation framework for testing security measures in network environments.

Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.

A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.

FortiEDR is an automated endpoint security solution that integrates with the Fortinet Security Fabric and third-party solutions to reduce MTTR and provide real-time breach detection and response.

Sample detection rules and dashboards for Google Security Operations

Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.